%%% -*-BibTeX-*-
%%% ====================================================================
%%%  BibTeX-file{
%%%     author          = "Nelson H. F. Beebe",
%%%     version         = "1.66",
%%%     date            = "08 October 2020",
%%%     time            = "07:20:27 MDT",
%%%     filename        = "tosem.bib",
%%%     address         = "University of Utah
%%%                        Department of Mathematics, 110 LCB
%%%                        155 S 1400 E RM 233
%%%                        Salt Lake City, UT 84112-0090
%%%                        USA",
%%%     telephone       = "+1 801 581 5254",
%%%     FAX             = "+1 801 581 4148",
%%%     URL             = "http://www.math.utah.edu/~beebe",
%%%     checksum        = "38524 23718 126408 1248249",
%%%     email           = "beebe at math.utah.edu, beebe at acm.org,
%%%                        beebe at computer.org (Internet)",
%%%     codetable       = "ISO/ASCII",
%%%     keywords        = "bibliography; BibTeX; ACM Transactions on
%%%                        Software Engineering and Methodology",
%%%     supported       = "no",
%%%     docstring       = "This is a COMPLETE BibTeX bibliography for
%%%                        the journal ACM Transactions on Software
%%%                        Engineering and Methodology (CODEN ATSMER,
%%%                        ISSN 1049-331X (print), 1557-7392
%%%                        (electronic)), for 1992--date.
%%%
%%%                        Publication began with volume 1, number 1, in
%%%                        January 1992.  The journal appears quarterly.
%%%
%%%                        The journal has a joint World-Wide Web site
%%%                        at:
%%%
%%%                            http://www.acm.org/pubs/tosem
%%%
%%%                        Tables-of-contents of all issues are
%%%                        available at:
%%%
%%%                            http://www.acm.org/pubs/contents/journals/tosem/
%%%                            http://portal.acm.org/browse_dl.cfm?idx=J790
%%%
%%%                        Qualified subscribers can retrieve the full
%%%                        text of recent articles in PDF form.
%%%
%%%                        At version 1.66, the COMPLETE journal
%%%                        coverage looked like this:
%%%
%%%                             1992 (  15)    2002 (  15)    2012 (  19)
%%%                             1993 (  13)    2003 (  14)    2013 (  38)
%%%                             1994 (  12)    2004 (  10)    2014 (  47)
%%%                             1995 (  12)    2005 (  15)    2015 (  24)
%%%                             1996 (  14)    2006 (  12)    2016 (  17)
%%%                             1997 (  13)    2007 (  19)    2017 (  13)
%%%                             1998 (  14)    2008 (  23)    2018 (  25)
%%%                             1999 (  13)    2009 (  14)    2019 (  28)
%%%                             2000 (  14)    2010 (  14)    2020 (  33)
%%%                             2001 (  11)    2011 (  18)
%%%
%%%                             Article:        529
%%%
%%%                             Total entries:  529
%%%
%%%                        The initial draft of this bibliography was
%%%                        derived from data at the ACM Web site.
%%%
%%%                        ACM copyrights explicitly permit abstracting
%%%                        with credit, so article abstracts, keywords,
%%%                        and subject classifications have been
%%%                        included in this bibliography wherever
%%%                        available.
%%%
%%%                        The bibsource keys in the bibliography
%%%                        entries below indicate the data sources.
%%%
%%%                        URL keys in the bibliography point to
%%%                        World Wide Web locations of additional
%%%
%%%                        Spelling has been verified with the UNIX
%%%                        spell and GNU ispell programs using the
%%%                        exception dictionary stored in the
%%%                        companion file with extension .sok.
%%%
%%%                        BibTeX citation tags are uniformly chosen
%%%                        as name:year:abbrev, where name is the
%%%                        family name of the first author or editor,
%%%                        year is a 4-digit number, and abbrev is a
%%%                        3-letter condensation of important title
%%%                        words. Citation tags were automatically
%%%                        generated by software developed for the
%%%                        BibNet Project.
%%%
%%%                        In this bibliography, entries are sorted in
%%%                        publication order, using bibsort -byvolume.''
%%%
%%%                        The checksum field above contains a CRC-16
%%%                        checksum as the first value, followed by the
%%%                        equivalent of the standard UNIX wc (word
%%%                        count) utility output of lines, words, and
%%%                        characters.  This is produced by Robert
%%%                        Solovay's checksum utility.",
%%%  }
%%% ====================================================================
@Preamble{"\input bibnames.sty"}

%%% ====================================================================
%%% Acknowledgement abbreviations:
@String{ack-nhfb = "Nelson H. F. Beebe,
University of Utah,
Department of Mathematics, 110 LCB,
155 S 1400 E RM 233,
Salt Lake City, UT 84112-0090, USA,
Tel: +1 801 581 5254,
FAX: +1 801 581 4148,
e-mail: \path|beebe@math.utah.edu|,
\path|beebe@acm.org|,
\path|beebe@computer.org| (Internet),
URL: \path|http://www.math.utah.edu/~beebe/|"}

%%% ====================================================================
%%% Journal abbreviations:
@String{j-TOSEM                 = "ACM Transactions on Software Engineering and
Methodology"}

%%% ====================================================================
%%% Bibliography entries:
@Article{Offutt:1992:IST,
author =       "A. Jefferson Offutt",
title =        "Investigations of the software testing coupling
effect",
journal =      j-TOSEM,
volume =       "1",
number =       "1",
pages =        "5--20",
month =        jan,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-1/p5-offutt/p5-offutt.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-1/p5-offutt/",
abstract =     "Fault-based testing strategies test software by
focusing on specific, common types of faults. The {\em
coupling effect\/} hypothesizes that test data sets
that detect simple types of faults are sensitive enough
to detect more complex types of faults. This paper
describes empirical investigations into the coupling
effect over a specific class of software faults. All of
the results from this investigation support the
validity of the coupling effect. The major conclusion
from this investigation is the fact that by explicitly
testing for simple faults, we are also implicitly
testing for more complicated faults, giving us
confidence that fault-based testing is an effective way
to test software.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "fault-based testing; mutation; software testing; unit
testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}; Software --- Software
Engineering --- Software/Program Verification (D.2.4):
{\bf Reliability}",
}

@Article{Olender:1992:ISA,
author =       "Kurt M. Olender and Leon J. Osterweil",
title =        "Interprocedural static analysis of sequencing
constraints",
journal =      j-TOSEM,
volume =       "1",
number =       "1",
pages =        "21--52",
month =        jan,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-1/p21-olender/p21-olender.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-1/p21-olender/",
abstract =     "This paper describes a system that automatically
performs static interprocedural sequencing analysis
from programmable constraint specifications. We
describe the algorithms used for interprocedural
analysis, relate the problems arising from the analysis
of real-world programs, and show how these difficulties
were overcome. Finally, we sketch the architecture of
our prototype analysis system (called Cesar) and
describe our experiences to date with its use, citing
performance and error detection characteristics.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Languages; Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "error detection; interprocedural data flow analysis;
sequencing constraints",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Validation}; Software ---
Software Engineering --- Testing and Debugging (D.2.5):
{\bf Debugging aids}; Software --- Software Engineering
--- Requirements/Specifications (D.2.1): {\bf
Methodologies (e.g., object-oriented, structured)};
Software --- Programming Techniques --- Sequential
Programming (D.1.4); Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf
Computer-aided software engineering (CASE)}; Software
--- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Reliability}; Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Languages}",
}

@Article{Basili:1992:RAC,
author =       "Victor R. Basili and Gianluigi Caldiera and Giovanni
Cantone",
title =        "A reference architecture for the component factory",
journal =      j-TOSEM,
volume =       "1",
number =       "1",
pages =        "53--80",
month =        jan,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-1/p53-basili/p53-basili.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-1/p53-basili/",
abstract =     "Software reuse can be achieved through an organization
that focuses on utilization of life cycle products from
previous developments. The component factory is both an
example of the more general concepts of experience and
domain factory and an organizational unit worth being
considered independently. The critical features of such
an organization are flexibility and continuous
improvement. In order to achieve these features we can
represent the architecture of the factory at different
levels of abstraction and define a reference
architecture from which specific architectures can be
derived by instantiation. A reference architecture is
an implementation and organization independent
representation of the component factory and its
environment. The paper outlines this reference
architecture, discusses the instantiation process, and
presents some examples of specific architectures by
comparing them in the framework of the reference
model.",
acknowledgement = ack-nhfb,
generalterms = "Design; Economics; Management; Measurement;
Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "component factory; experience factory; reference
architecture; reusability",
subject =      "Software --- Software Engineering --- Management
(D.2.9); Software --- Software Engineering ---
Miscellaneous (D.2.m): {\bf Reusable software**};
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3):
{\bf Software development}; Software --- Software
Engineering --- Requirements/Specifications (D.2.1):
{\bf Methodologies (e.g., object-oriented,
structured)}; Software --- Software Engineering ---
Design Tools and Techniques (D.2.2): {\bf Software
libraries}",
}

@Article{Trammell:1992:APC,
author =       "Carmen J. Trammell and Leon H. Binder and Cathrine E.
Snyder",
title =        "The automated production control documentation system:
a case study in cleanroom software engineering",
journal =      j-TOSEM,
volume =       "1",
number =       "1",
pages =        "81--94",
month =        jan,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-1/p81-trammell/p81-trammell.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-1/p81-trammell/",
abstract =     "A prototype software system was developed for the U.S.
Naval Underwater Systems Center(NUSC) as a
demonstration of the Cleanroom Software Engineering
methodology. The Cleanroom method is a team approach to
the incremental development of software under
statistical quality control. Cleanroom's formal methods
of Box Structure specification and design, functional
verification, and statistical testing were used by a
four-person team to develop the Automated Production
Control Documentation(APCODOC) system, a relational
database application. As is typical in Cleanroom
developments, correctness of design and code were
ensured through team reviews. Eighteen errors were
found during functional verification of the design, and
nineteen errors were found during walkthrough of the
1820 lines of FOXBASE code. The software was not
executed by developers prior to independent testing
(i.e., there was no debugging). There were no errors in
compilation, no failures during statistical
certification testing, and the software was certified
at the target levels of reliability and confidence.
Team members attribute the ultimate error-free
compilation and failure-free execution of the software
to the rigor of the methodology and the intellectual
control afforded by the team approach.",
acknowledgement = ack-nhfb,
generalterms = "Design; Management; Performance; Reliability;
Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "box structures; cleanroom software engineering;
statistical quality control; statistical testing",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Software/Program Verification
(D.2.4): {\bf Correctness proofs}; Software ---
Software Engineering --- Management (D.2.9): {\bf
Programming teams}; Computing Milieux --- Management of
Computing and Information Systems --- Software
Management (K.6.3): {\bf Software development};
Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Reliability}",
}

@Article{Ballance:1992:PLB,
author =       "Robert A. Ballance and Susan L. Graham and Michael L.
Van de Vanter",
title =        "The {Pan} language-based editing system",
journal =      j-TOSEM,
volume =       "1",
number =       "1",
pages =        "95--127",
month =        jan,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-1/p95-ballance/p95-ballance.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-1/p95-ballance/",
abstract =     "Powerful editing systems for developing complex
software documents are difficult to engineer. Besides
requiring efficient incremental algorithms and complex
data structures, such editors must accommodate flexible
editing styles, provide a consistent, coherent, and
powerful user interface, support individual variations
and projectwide configurations, maintain a sharable
database of information concerning the documents being
edited, and integrate smoothly with the other tools in
the environment. {\em Pan\/} is a language-based
editing and browsing system that exhibits these
characteristics. This paper surveys the design and
engineering of {\em Pan}, paying particular attention
to a number of issues that pervade the system:
incremental checking and analysis, information
retention in the presence of change, tolerance for
errors and anomalies, and extension facilities.",
acknowledgement = ack-nhfb,
generalterms = "Design; Documentation; Human Factors; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "coherent user interfaces; colander; contextual
constraint; extension facilities; grammatical
abstraction; interactive programming environment;
Ladle; logic programming; logical constraint grammar;
Pan; reason maintenance; syntax-recognizing editor;
tolerance for errors and anomalies",
subject =      "Software --- Software Engineering --- Coding Tools and
Techniques (D.2.3): {\bf Program editors}; Software ---
Software Engineering --- Programming Environments
(D.2.6); Software --- Software Engineering --- Design
Tools and Techniques (D.2.2): {\bf User interfaces};
Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7)",
}

@Article{Engels:1992:BIS,
author =       "G. Engels and C. Lewerentz and M. Nagl and W.
Sch{\"a}fer and A. Sch{\"u}rr",
title =        "Building integrated software development environments.
{Part} {I} tool specification",
journal =      j-TOSEM,
volume =       "1",
number =       "2",
pages =        "135--167",
month =        apr,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-2/p135-engels/p135-engels.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-2/p135-engels/",
abstract =     "The conceptual modeling approach of the IPSEN
(Integrated Project Support Environment) project for
building highly integrated environments is based on
using attributed graphs to model and implement
arbitrary object structures, in particular all kinds of
software documents and their relationships. A language
based on graph grammars, called PROGRESS (PROgrammed
Graph REwriting SyStems), and a suitable method for the
application of this language, called graph grammar
engineering, have been developed over the last ten
years. This language and method are being extensively
used for specifying the complex graph structures of
internal document representations as well as for
specifying the functionality of all tools (editors,
browsers, analyzers, debuggers) working on these
internal representations. This paper explains the
language and the method for applying the language based
on a pragmatic nontrivial example of a software
production process and its corresponding documents. In
particular, it is shown why and how a graph
grammar-based strongly typed language is perfectly
suitable to formally specify highly integrated software
tools. In addition, it is shown that the implementation
of these tools (i.e., an environment composed of these
tools) is systematically being derived from the formal
specifications.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "attribute grammars; attributed graphs; environment
generators; graph grammars",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Software Engineering ---
Programming Environments (D.2.6); Software --- Software
Engineering --- Design** (D.2.10); Information Systems
--- Database Management --- Languages (H.2.3); Software
--- Programming Languages --- Language Classifications
(D.3.2)",
}

@Article{Kiper:1992:STR,
author =       "James D. Kiper",
title =        "Structural testing of rule-based expert systems",
journal =      j-TOSEM,
volume =       "1",
number =       "2",
pages =        "168--187",
month =        apr,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-2/p168-kiper/p168-kiper.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-2/p168-kiper/",
abstract =     "Testing of rule-based expert systems has become a high
priority for many organizations as the use of such
techniques apply to some components of rule-based
systems, e.g., the inference engine. However, to
structurally test the rule base component requires new
techniques or adaptations of existing ones. This paper
describes one such adaptation: an extension of data
flow path selection in which a graphical representation
of a rule base is defined and evaluated. This graphical
form, called a logical path graph, captures logical
paths through a rule base. These logical paths create
precisely the abstractions needed in the testing
process. An algorithm for the construction of logical
path graphs are analyzed.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Experimentation; Measurement;
Performance; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "basis path testing; data flow path selection; expert
systems; rule bases; structured testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Computing Methodologies ---
Artificial Intelligence --- Programming Languages and
Software (I.2.5): {\bf Expert system tools and
techniques}",
}

@Article{Schneider:1992:ESF,
author =       "G. Michael Schneider and Johnny Martin and W. T.
Tsai",
title =        "An experimental study of fault detection in user
requirements documents",
journal =      j-TOSEM,
volume =       "1",
number =       "2",
pages =        "188--204",
month =        apr,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-2/p188-schneider/p188-schneider.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-2/p188-schneider/",
abstract =     "This paper describes a software engineering experiment
designed to confirm results from an earlier project
which measured fault detection rates in {\em user
requirements documents\/} (URD). The experiment
described in this paper involves the creation of a
standardized URD with a known number of injected faults
of specific type. Nine independent inspection teams
were given this URD with instructions to locate as many
faults as possible using the N-fold requirements
inspection technique developed by the authors. Results
obtained from this experiment confirm earlier
conclusions about the low rate of fault detection in
requirements documents using formal inspections and the
advantages to be gained using the N-fold inspection
method. The experiment also provides new results
concerning variability in inspection team performance
and the relative difficulty of locating different
classes of URD faults.",
acknowledgement = ack-nhfb,
generalterms = "Design; Experimentation; Management; Performance;
Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "fault detection; inspections; user requirements",
subject =      "Software --- Software Engineering --- Management
(D.2.9): {\bf Programming teams}; Computing Milieux ---
Management of Computing and Information Systems ---
Software Management (K.6.3): {\bf Software
development}; Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Tools};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}",
}

@Article{Ostertag:1992:CSR,
author =       "Eduardo Ostertag and James Hendler and Rub{\'e}n
Prieto D{\'\i}az and Christine Braun",
title =        "Computing similarity in a reuse library system: an
{AI-based} approach",
journal =      j-TOSEM,
volume =       "1",
number =       "3",
pages =        "205--228",
month =        jul,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-3/p205-ostertag/p205-ostertag.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-3/p205-ostertag/",
abstract =     "This paper presents an AI based library system for
software reuse, called AIRS, that allows a developer to
browse a software library in search of components that
best meet some stated requirement. A {\em component\/}
is described by a set of ({\em feature, term\/}) pairs.
A feature represents a classification criterion, and is
defined by a set of related terms. The system allows to
represent {\em packages\/} (logical units that group a
set of components) which are also described in terms of
features. Candidate reuse components and packages are
selected from the library based on the degree of
similarity between their descriptions and a given
target description. Similarity is quantified by a
nonnegative magnitude ({\em distance\/}) proportional
to the effort required to obtain the target given a
candidate. Distances are computed by {\em comparator\/}
functions based on the {\em subsumption, closeness},
and {\em package\/} relations. We present a
formalization of the concepts on which the AIRS system
is based. The functionality of a prototype
implementation of the AIRS system is illustrated by
application to two different software libraries: a set
of Ada packages for data structure manipulation, and a
set of C components for use in Command, Control, and
Information Systems. Finally, we discuss some of the
ideas we are currently exploring to automate the
construction of AIRS classification libraries.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "facet classification; similarity-based retrieval",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Software libraries}; Software
--- Software Engineering --- Metrics (D.2.8): {\bf
Complexity measures}; Information Systems ---
Information Storage and Retrieval --- Information
Search and Retrieval (H.3.3): {\bf Retrieval models};
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3):
{\bf Software selection}; Software --- Software
Engineering --- Miscellaneous (D.2.m): {\bf Reusable
software**}",
}

@Article{Sullivan:1992:REI,
author =       "Kevin J. Sullivan and David Notkin",
title =        "Reconciling environment integration and software
evolution",
journal =      j-TOSEM,
volume =       "1",
number =       "3",
pages =        "229--268",
month =        jul,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-3/p229-sullivan/p229-sullivan.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-3/p229-sullivan/",
abstract =     "Common software design approaches complicate both tool
integration and software evolution when applied in the
development of integrated environments. We illustrate
this by tracing the evolution of three different
designs for a simple integrated environment as
representative changes are made to the requirements. We
present an approach that eases integration and
evolution by preserving tool independence in the face
of integration. We design tool integration
relationships as separate components called {\em
mediators}, and we design tools to implicitly invoke
mediators that integrate them. Mediators separate tools
from each other, while implicit invocation allows tools
to remain independent of mediators. To enable the use
of our approach on a range of platforms, we provide a
formalized model and requirements for implicit
invocation mechanisms. We apply this model both to
analyze existing mechanisms and in the design of a
mechanism for C++.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstract behavior type; behavior abstraction;
component independence; environment integration; event
mechanism; implicit invocation; integrated environment;
mediator; mediator/event design; software evolution;
tool integration",
subject =      "Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf
Enhancement**}; Software --- Software Engineering ---
Design** (D.2.10): {\bf Methodologies**}; Computing
Milieux --- Management of Computing and Information
Systems --- Software Management (K.6.3): {\bf Software
development}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Extensibility**}; Computing Milieux --- Management
of Computing and Information Systems --- Software
Management (K.6.3): {\bf Software maintenance};
Software --- Software Engineering --- Programming
Environments (D.2.6); Software --- Software Engineering
--- Design Tools and Techniques (D.2.2); Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Assertions}; Software --- Software
Engineering --- Requirements/Specifications (D.2.1):
{\bf Methodologies (e.g., object-oriented,
structured)}",
}

@Article{Tyszberowicz:1992:OPL,
author =       "Shmuel Tyszberowicz and Amiram Yehudai",
title =        "{OBSERV} --- a prototyping language and environment",
journal =      j-TOSEM,
volume =       "1",
number =       "3",
pages =        "269--309",
month =        jul,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-3/p269-tyszberowicz/p269-tyszberowicz.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-3/p269-tyszberowicz/",
abstract =     "The OBSERV methodology for software development is
based on rapid construction of an executable
specification, or prototype, of a systems, which may be
examined and modified repeatedly to achieve the desired
functionality. The objectives of OBSERV also include
facilitating a smooth transition to a target system,
and providing means for reusing specification, design,
and code of systems and subsystems. We are particularly
interested in handling embedded systems, which are
likely to have concurrency and have some real-time
requirements. \par

The OBSERV prototyping language combines several
paradigms to express the behavior of a system. The
object-oriented approach provides the basic mechanism
for building a system from a collection of objects,
with well-defined interfaces between them. We use
finite-state machines to model the behavior of
individual objects. At a lower level, activities that
occur within objects, either upon entry to a state or
in transition between thus allowing a nonprocedural
description. \par

The environment provided to a prototype builder is as
important as the language. We have made an attempt to
provide flexible tools for executing or simulating the
prototype being built, as well as for browsing and
static checking. The first implementation of the tools
was window based but not graphic. A graphic front end,
name CRUISE, was developed afterwards. \par

A simulation sequence focuses on a single object, which
can be as complex as necessary, possibly the entire
system, and expects all the interactions between it and
the outside world to be achieved by communication
between the simulator and the user. The simulator
allows the user to easily switch back and forth from
one object to another, simulating each object in
isolation. \par

To enable testing the behavior of a prototype in a
realistic environment, it is possible to construct
objects that imitate the environment objects. We also
allow simulation of systems with missing pieces, by
calling upon the user to simulate any such missing
piece by himself.",
acknowledgement = ack-nhfb,
generalterms = "Design; Documentation; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "browsers; concurrency; CRUISE; embedded systems;
graphical user interface; interactive programming
environments; logic programming; modeling with finite
state machines; object-oriented approach; OBSERV; real
time systems; simulator; software reuse; static
checker",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Software Engineering ---
Miscellaneous (D.2.m): {\bf Rapid prototyping**};
Software --- Software Engineering --- Miscellaneous
(D.2.m): {\bf Reusable software**}; Software ---
Programming Languages --- Language Classifications
(D.3.2): {\bf OBSERV}",
}

@Article{Yang:1992:PIA,
author =       "Wuu Yang and Susan Horwitz and Thomas Reps",
title =        "A program integration algorithm that accommodates
semantics-preserving transformations",
journal =      j-TOSEM,
volume =       "1",
number =       "3",
pages =        "310--354",
month =        jul,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-3/p310-yang/p310-yang.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-3/p310-yang/",
abstract =     "Given a program {\em Base\/} and two variants, {\em
A\/} and {\em B}, each created by modifying separate
copies of {\em Base}, the goal of program integration
is to determine whether the modifications interfere,
and if they do not, to create an integrated program
that includes both sets of changes as well as the
portions of {\em Base\/} preserved in both variants.
Text-based integration techniques, such as the one used
by the Unix {\em diff 3\/} utility, are obviously
unsatisfactory because one has no guarantees about how
the execution behavior of the integrated program
relates to the behaviors of {\em Base}, {\em A}, and
{\em B}. The first program-integration algorithm to
provide such guarantees was developed by Horwitz et
al.[13]. However, a limitation of that algorithm is
that it incorporates no notion of semantics-preserving
transformations. This limitation causes the algorithm
to be overly conservative in its definition of
interference. For example, if one variant changes the
{\em way\/} a computation is performed (without
changing the values computed) while the other variant
adds code that uses the result of the computation, the
algorithm would classify those changes as interfering.
This paper describes a new integration algorithm that
is able to accommodate semantics-preserving
transformations.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "coarsest partition; control dependence; data
dependence; data-flow analysis; flow dependence;
program dependence graph; program integration; program
representation graph; static-single-assignment form",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Programmer workbench**};
Software --- Software Engineering --- Coding Tools and
Techniques (D.2.3): {\bf Program editors}; Software ---
Software Engineering --- Programming Environments
(D.2.6); Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Enhancement**}; Software --- Software Engineering
--- Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Restructuring, reverse engineering, and
reengineering}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Version control}; Software --- Software
Engineering --- Management (D.2.9): {\bf Software
configuration management}; Software --- Programming
Languages --- Processors (D.3.4): {\bf Optimization};
Software --- Programming Languages --- Processors
(D.3.4): {\bf Compilers}; Software --- Programming
Languages --- Processors (D.3.4): {\bf Interpreters}",
}

@Article{Batory:1992:DIH,
author =       "Don Batory and Sean O'Malley",
title =        "The design and implementation of hierarchical software
systems with reusable components",
journal =      j-TOSEM,
volume =       "1",
number =       "4",
pages =        "355--398",
month =        oct,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-4/p355-batory/p355-batory.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-4/p355-batory/",
abstract =     "We present a domain-independent model of hierarchical
software system design and construction that is based
on interchangeable software components and large-scale
reuse. The model unifies the conceptualizations of two
independent projects, Genesis and Avoca, that are
successful examples of software
component/building-block technologies and domain
modeling. Building-block technologies exploit
large-scale reuse, rely on open architecture software,
and elevate the granularity of programming to the
subsystem level. Domain modeling formalizes the
similarities and differences among systems of a domain.
We believe our model is a blueprint for achieving
software component technologies in many domains.",
acknowledgement = ack-nhfb,
generalterms = "Design; Standardization",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "domain modeling; open system architectures; reuse;
software building-blocks; software design",
subject =      "Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2): {\bf Protocol architecture}; Software ---
Programming Techniques --- Object-oriented Programming
(D.1.5); Software --- Software Engineering --- Design
Tools and Techniques (D.2.2): {\bf Modules and
interfaces}; Software --- Software Engineering ---
Design Tools and Techniques (D.2.2): {\bf Software
libraries}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Extensibility**}; Software --- Software
Engineering --- Design** (D.2.10): {\bf
Methodologies**}; Software --- Software Engineering ---
Design** (D.2.10): {\bf Representation**}; Software ---
Software Engineering --- Miscellaneous (D.2.m): {\bf
Rapid prototyping**}; Software --- Software Engineering
--- Miscellaneous (D.2.m): {\bf Reusable software**};
Computing Methodologies --- Simulation and Modeling ---
Model Development (I.6.5): {\bf Modeling
methodologies}",
}

@Article{Harel:1992:SO,
author =       "David Harel and Chaim-arie Kahana",
title =        "On statecharts with overlapping",
journal =      j-TOSEM,
volume =       "1",
number =       "4",
pages =        "399--421",
month =        oct,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-4/p399-harel/p399-harel.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-4/p399-harel/",
abstract =     "The problem of extending the language of statecharts
to include overlapping states is considered. The need
for such an extension is motivated and the subtlety of
the problem is illustrated by exhibiting the
shortcomings of naive approaches. The syntax and formal
semantics of our extension are then presented, showing
in the process that the definitions for conventional
statecharts constitute a special case. Our definitions
are rather complex, a fact that we feel points to the
inherent difficulty of such an extension. We thus
prefer to leave open the question of whether or not it
acknowledgement = ack-nhfb,
generalterms = "Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "higraphs; reactive systems; statecharts; visual
language",
}

@Article{Zeil:1992:DLE,
author =       "Steven J. Zeil and Faten H. Afifi and Lee J. White",
title =        "Detection of linear errors via domain testing",
journal =      j-TOSEM,
volume =       "1",
number =       "4",
pages =        "422--451",
month =        oct,
year =         "1992",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1992-1-4/p422-zeil/p422-zeil.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1992-1-4/p422-zeil/",
abstract =     "Domain testing attempts to find errors in the numeric
expressions affecting the flow of control through a
program. Intuitively, domain testing provides a
systematic form of boundary value testing for the
conditional statements within a program. Several forms
of domain testing have been proposed, all dealing with
the detection of linear errors in linear functions.
\par

Perturbation analysis has been previously developed as
a measure of the volume of faults, from within a
selected space of possible faults, left undetected by a
test set. It is adapted here to errors and error
spaces. The adapted form is used to show that the
different forms of domain testing are closer in error
detection ability than had been supposed. They may all
be considered effective for finding linear errors in
linear predicate functions. A simple extension is
proposed, which allows them to detect linear errors in
nonlinear predicate functions using only a single
acknowledgement = ack-nhfb,
generalterms = "Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "domain testing; perturbation testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Mathematics of Computing ---
Numerical Analysis --- Ordinary Differential Equations
(G.1.7): {\bf Boundary value problems}",
}

@Article{Broy:1993:FST,
author =       "Manfred Broy",
title =        "Functional specification of time-sensitive
communicating systems",
journal =      j-TOSEM,
volume =       "2",
number =       "1",
pages =        "1--46",
month =        jan,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-1/p1-broy/p1-broy.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-1/p1-broy/",
abstract =     "A formal model and a logical framework for the
functional specification of time-sensitive
communicating systems and their interacting components
are outlined. The specification method is modular with
respect to sequential composition, parallel
composition, and communication feedback. Nondeterminism
is included by underspecification. The application of
the specification method to timed communicating
functions is demonstrated. Abstractions from time are
studied. In particular, a rational is given for the
chosen concepts of the functional specification
technique. The relationship between system models based
on nondeterminism and system models based on explicit
time notions is investigated. Forms of reasoning are
considered. The alternating bit protocol is used as a
running example.",
acknowledgement = ack-nhfb,
generalterms = "Design; Experimentation; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "functional system models; real-time systems;
specification",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4); Software --- Operating Systems
--- Organization and Design (D.4.7); Software ---
Software Engineering --- Requirements/Specifications
(D.2.1); Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2)",
}

@Article{Kaiser:1993:PDI,
author =       "Gail E. Kaiser and Simon M. Kaplan",
title =        "Parallel and distributed incremental attribute
evaluation algorithms for multiuser software
development environments",
journal =      j-TOSEM,
volume =       "2",
number =       "1",
pages =        "47--92",
month =        jan,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-1/p47-kaiser/p47-kaiser.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-1/p47-kaiser/",
abstract =     "The problem of {\em change propagation\/} in multiuser
software development environments distributed across a
local-area network is addressed. The program is modeled
as an attributed parse tree segmented among multiple
user processes and changes are modeled as subtree
replacements requested asynchronously by individual
users. Change propagation is then implemented using
decentralized incremental evaluation of an attribute
grammar that defines the static semantic properties of
the programming language. Building up to our primary
result, we first present algorithms that support
parallel evaluation on a centralized tree in response
to single edits using a singe editing cursor and
multiple edits with multiple editing cursors. Then we
present our algorithm for parallel evaluation on a
decentralized tree. We also present a protocol to
guarantee reliability of the evaluation algorithm as
components of the decentralized tree become unavailable
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Languages; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "attribute grammar; change propagation; distributed;
incremental algorithm; parallel; reliability",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6): {\bf Interactive environments};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Coding Tools and Techniques (D.2.3): {\bf Program
editors}; Software --- Programming Languages --- Formal
Definitions and Theory (D.3.1): {\bf Semantics};
Software --- Programming Techniques --- Concurrent
Programming (D.1.3)",
}

@Article{Whittaker:1993:MAS,
author =       "James A. Whittaker and J. H. Poore",
title =        "{Markov} analysis of software specifications",
journal =      j-TOSEM,
volume =       "2",
number =       "1",
pages =        "93--106",
month =        jan,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-1/p93-whittaker/p93-whittaker.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-1/p93-whittaker/",
abstract =     "A procedure for modeling software usage with the
finite state, discrete parameter Markov chain is
described. It involves rigorous analysis of the
specification before design and coding begin. Many
benefits emerge from this process, including the
ability to synthesize a macro level usage distribution
from a micro level understanding of how the software
will be used. This usage distribution becomes the basis
for a statistical test of the software, which is
fundamental to the Cleanroom development process. Some
analytical results known for Markov chains that have
meaningful implications and interpretations for the
software development process are described.",
acknowledgement = ack-nhfb,
generalterms = "Design; Management; Measurement; Reliability;
Standardization; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "box structure method; certification; Cleanroom; Markov
chain; software specification; statistical test;
stochastic process; usage distribution",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Mathematics of
Computing --- Probability and Statistics (G.3);
Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}; Software --- Software
Engineering --- Metrics (D.2.8): {\bf Complexity
measures}; Software --- Software Engineering ---
Management (D.2.9): {\bf Software quality assurance
(SQA)}; Computing Methodologies --- Simulation and
Modeling --- Model Development (I.6.5): {\bf Modeling
methodologies}",
}

@Article{DeMillo:1993:ERA,
author =       "Richard A. DeMillo and A. Jefferson Offutt",
title =        "Experimental results from an automatic test case
generator",
journal =      j-TOSEM,
volume =       "2",
number =       "2",
pages =        "109--127",
month =        apr,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-2/p109-demillo/p109-demillo.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-2/p109-demillo/",
abstract =     "Constraint-based testing is a novel way of generating
test data to detect specific types of common
programming faults. The conditions under which faults
will be detected are encoded as mathematical systems of
constraints in terms of program symbols. A set of
tools, collectively called Godzilla, has been
implemented that automatically generates constraint
systems and solves them to create test cases for use by
the Mothra testing system. Experimental results from
using Godzilla show that the technique can produce test
data that is very close in terms of mutation adequacy
to test data that is produced manually, and at
experiments have suggested a new procedure for unit
testing, where test cases are viewed as throw-away
items rather than scarce resources.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Measurement; Performance;
Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "adequacy; constraints; mutation analysis",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}",
}

@Article{Feldman:1993:SRS,
author =       "Yishai A. Feldman and Haim Schneider",
title =        "Simulating reactive systems by deduction",
journal =      j-TOSEM,
volume =       "2",
number =       "2",
pages =        "128--175",
month =        apr,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-2/p128-feldman/p128-feldman.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-2/p128-feldman/",
abstract =     "Debugging is one of the main uses of simulation.
Localizing bugs or finding the reasons for unclear
behavior involves going backwards in time, whereas
simulation goes forward in time. Therefore, identifying
causes with the aid of most existing simulation tools
usually requires repeating the simulation several
times, each time with reduced holes in the sieve. An
alternative is simulation by deduction, a technique in
which the steps in the dynamic behavior of the
simulated model are deduced by a reasoning system. A
simulation system that uses simulation by deduction can
the simulation results. By recording the support for
its deductions, such a system can answer why'' and
why not'' questions about the scenario. \par

Another benefit of simulation by deduction is that it
enables symbolic simulation, that is, simulating a
scenario given only a partial description of the
environment and the simulated model. This allows
verifying properties of an evolving design at any stage
of the design process, and thus checking the
consequences of the design decisions made so far. In
order to allow deducing as much as possible from
partial information, the axiom system has to be
minimalistic, i.e., axioms have to require the minimum
amount of knowledge of simulation inputs. \par

These ideas were implemented in a system called SIP,
which simulates the behavior of reactive systems. SIP
is capable of answering why,'' why not,'' and
what if'' questions. It also has a limited capability
of dealing with partial knowledge. SIP is based on a
reasoning system that is responsible for deducing the
effects of the external inputs on the state of the
simulated model, and recording the support for its
deductions. The logical basis for the deduction of a
step in SIP is provided by a minimalistic axiom system
for statecharts. \par

Although SIP simulates reactive systems described as
statecharts, the principle of simulation by deduction
is applicable to other types of systems and
descriptions, provided only that they have a
well-defined formal semantics.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Computing Methodologies --- Artificial Intelligence
--- Deduction and Theorem Proving (I.2.3): {\bf
Deduction}; Computing Methodologies --- Simulation and
Modeling --- Simulation Support Systems (I.6.7): {\bf
Environments}; Computer Applications --- Computers in
Other Systems (J.7)",
}

@Article{Klint:1993:MEG,
author =       "P. Klint",
title =        "A meta-environment for generating programming
environments",
journal =      j-TOSEM,
volume =       "2",
number =       "2",
pages =        "176--201",
month =        apr,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-2/p176-klint/p176-klint.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-2/p176-klint/",
abstract =     "Over the last decade, considerable progress has been
made in solving the problems of automatic generation of
programming/development environments, given a formal
definition of some programming or specification
language. In most cases, research has focused on the
functionality and efficiency of the generated
environments, and, of course, these aspects will
ultimately determine the acceptance of environment
generators. However, only marginal attention has been
paid to the development process of formal language
definitions itself. Assuming that the quality of
automatically generated environments will be
satisfactory within a few years, the development costs
of formal language definitions will then become the
next limiting factor determining ultimate success and
acceptance of environment generators. \par

In this paper we describe the design and implementation
of a meta-environment (a development environment for
formal language definitions) based on the formalism ASF
+ SDF. This meta-environment is currently being
implemented as part of the Centaur system and is, at
least partly, obtained by applying environment
generation techniques to the language definition
formalism itself. A central problem is providing fully
interactive editing of modular language definitions
such that modifications made to the language definition
during editing can be translated immediately to
modifications in the programming environment generated
from the original language definition. Therefore, some
of the issues addressed are the treatment of formalisms
with user-definable syntax and incremental program
generation techniques.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Methodologies ---
Artificial Intelligence --- Automatic Programming
(I.2.2); Software --- Programming Languages --- Formal
Definitions and Theory (D.3.1)",
}

@Article{Ciancarini:1993:CRB,
author =       "Paolo Ciancarini",
title =        "Coordinating rule-based software processes with
{ESP}",
journal =      j-TOSEM,
volume =       "2",
number =       "3",
pages =        "203--227",
month =        jul,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-3/p203-ciancarini/p203-ciancarini.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-3/p203-ciancarini/",
abstract =     "ESP is a language for modeling rule-based software
processes that take place in a distributed software
development environment. It is based on PoliS, an
abstract coordination model that relies on Multiple
Tuple Spaces, i.e., collections of tuples a la Linda.
PoliS extends Linda aiming at the specification and
coordination of logically distributed systems. ESP
(Extended Shared Prolog) combines the PoliS mechanisms
to deal with concurrency and distribution, with the
logic-programming language Prolog, to deal with rules
and deduction. Such a combination of a coordination
model and a logic language provides a powerful
framework in which experiments about rule-based
software process programming can be performed and
evaluated.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concurrency; logic programming; multiuser programming
environment; rule-based programming; software process;
software process modeling",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3); Software --- Software Engineering
--- Programming Environments (D.2.6); Computing
Methodologies --- Artificial Intelligence --- Deduction
and Theorem Proving (I.2.3): {\bf Deduction}; Software
--- Programming Languages --- Language Classifications
(D.3.2): {\bf Concurrent, distributed, and parallel
languages}; Computing Methodologies --- Artificial
Intelligence --- Deduction and Theorem Proving (I.2.3):
{\bf Logic programming}; Computing Milieux ---
Management of Computing and Information Systems ---
Software Management (K.6.3): {\bf Software
development}; Computing Methodologies --- Simulation
and Modeling --- Applications (I.6.3); Software ---
Software Engineering --- Design** (D.2.10): {\bf
Methodologies**}; Software --- Software Engineering ---
Management (D.2.9)",
}

@Article{Griswold:1993:AAP,
author =       "William G. Griswold and David Notkin",
title =        "Automated assistance for program restructuring",
journal =      j-TOSEM,
volume =       "2",
number =       "3",
pages =        "228--269",
month =        jul,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-3/p228-griswold/p228-griswold.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-3/p228-griswold/",
abstract =     "Maintenance tends to degrade the structure of
software, ultimately making maintenance more costly. At
times, then, it is worthwhile to manipulate the
structure of a system to make changes easier. However,
manual restructuring is an error-prone and expensive
activity. By separating structural manipulations from
other maintenance activities, the semantics of a system
can be held constant by a tool, assuring that no errors
are introduced by restructuring. To allow the
maintenance team to focus on the aspects of
restructuring and maintenance requiring human judgment,
a transformation-based tool can be provided--based on a
model that exploits preserving data flow dependence and
control flow dependence--to automate the repetitive,
error-prone, and computationally demanding aspects of
restructuring. A set of automatable transformations is
introduced; their impact on structure is described, and
their usefulness is demonstrated in examples. A model
to aid building meaning-preserving restructuring
transformations is described, and its realization in a
functioning prototype tool for restructuring Scheme
programs is discussed.",
acknowledgement = ack-nhfb,
generalterms = "Design; Management",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "CASE; flow analysis; meaning-preserving
transformations; software engineering; software
evolution; software maintenance; software
restructuring; source-level restructuring",
subject =      "Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf
Restructuring, reverse engineering, and reengineering};
Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf
Corrections**}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Enhancement**}; Software --- Software Engineering
--- Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Extensibility**}; Software --- Software
Engineering --- Design** (D.2.10); Computing Milieux
--- Management of Computing and Information Systems ---
Software Management (K.6.3): {\bf Software
maintenance}; Software --- Software Engineering ---
Design Tools and Techniques (D.2.2): {\bf
Computer-aided software engineering (CASE)}; Computing
Methodologies --- Artificial Intelligence --- Automatic
Programming (I.2.2): {\bf Program transformation}",
}

@Article{Harrold:1993:MCS,
author =       "M. Jean Harrold and Rajiv Gupta and Mary Lou Soffa",
title =        "A methodology for controlling the size of a test
suite",
journal =      j-TOSEM,
volume =       "2",
number =       "3",
pages =        "270--285",
month =        jul,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-3/p270-harrold/p270-harrold.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-3/p270-harrold/",
abstract =     "This paper presents a technique to select a
representative set of test cases from a test suite that
provides the same coverage as the entire test suite.
This selection is performed by identifying, and then
eliminating, the redundant and obsolete test cases in
the test suite. The representative set replaces the
original test suite and thus, potentially produces a
smaller test suite. The representative set can also be
used to identify those test cases that should be rerun
to test the program after it has been changed. Our
technique is independent of the testing methodology and
only requires an association between a testing
requirement and the test cases that satisfy the
requirement. We illustrate the technique using the data
flow testing methodology. The reduction that is
possible with our technique is illustrated by
experimental results.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Experimentation; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "hitting set; regression testing; software engineering;
software maintenance; test suite reduction",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Software --- Software Engineering
--- Design** (D.2.10): {\bf Methodologies**}; Software
--- Software Engineering --- Distribution, Maintenance,
and Enhancement (D.2.7): {\bf Version control}",
}

@Article{Podgurski:1993:RRS,
author =       "Andy Podgurski and Lynn Pierce",
title =        "Retrieving reusable software by sampling behavior",
journal =      j-TOSEM,
volume =       "2",
number =       "3",
pages =        "286--303",
month =        jul,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-3/p286-podgurski/p286-podgurski.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-3/p286-podgurski/",
abstract =     "A new method, called {\em behavior sampling}, is
proposed for automated retrieval of reusable components
from software libraries. Behavior sampling exploits the
property of software that distinguished it from other
forms of test: executability. Basic behavior sampling
identifies relevant routines by executing candidates on
a searcher-supplied sample of operational inputs and by
comparing their output to output provided by the
searcher. The probabilistic basis for behavior sampling
is described, and experimental results are reported
that suggest that basic behavior sampling exhibits high
precision when used with small samples. Extensions to
basic behavior sampling are proposed to improve its
recall and to make it applicable to the retrieval of
abstract data types and object classes.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Experimentation",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "behavior sampling; software libraries; software
retrieval; software reuse",
subject =      "Software --- Software Engineering --- Miscellaneous
(D.2.m): {\bf Reusable software**}; Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2): {\bf Software libraries}; Software ---
Software Engineering --- Distribution, Maintenance, and
Enhancement (D.2.7); Information Systems ---
Information Storage and Retrieval --- Information
Search and Retrieval (H.3.3)",
}

@Article{Dillon:1993:VEM,
author =       "Laura K. Dillon",
journal =      j-TOSEM,
volume =       "2",
number =       "4",
pages =        "311--345",
month =        oct,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-4/p311-dillon/p311-dillon.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-4/p311-dillon/",
programmers attain a deeper understanding of the
tasking semantics. It can illustrate subtleties in
semantic definitions that are not apparent in natural
language design. We describe a contour model of Ada
control), relationships between the environments in
interact. The use of this high-level execution model
makes it possible to see what happens during execution
of a program. The paper provides an introduction to the
use.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "contour model; visual execution model",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Software Engineering
--- Programming Environments (D.2.6); Software ---
Programming Languages --- Formal Definitions and Theory
(D.3.1): {\bf Semantics}; Software --- Programming
Languages --- Language Classifications (D.3.2): {\bf
Ada}; Software --- Programming Languages --- Language
Constructs and Features (D.3.3): {\bf Concurrent
programming structures}; Software --- Programming
Techniques --- Concurrent Programming (D.1.3); Theory
of Computation --- Logics and Meanings of Programs ---
Semantics of Programming Languages (F.3.2): {\bf
Operational semantics}; Software --- Programming
Languages --- Processors (D.3.4): {\bf Interpreters}",
}

@Article{Wang:1993:DRT,
author =       "Farn Wang and Aloysius K. Mok and E. Allen Emerson",
title =        "Distributed real-time system specification and
verification in {APTL}",
journal =      j-TOSEM,
volume =       "2",
number =       "4",
pages =        "346--378",
month =        oct,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-4/p346-wang/p346-wang.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-4/p346-wang/",
Propositional Temporal Logic (APTL), for the
specification and verification of distributed hard
real-time systems. APTL extends the logic TPTL by
dealing explicitly with multiple local clocks. We
propose a distributed-system model which permits
definition of inequalities asserting the temporal
precedence of local clock readings. We show the
expressiveness of APTL through two nontrivial examples.
Our logic can be used to specify and reason about such
important properties as bounded clock rate drifting. We
then give a 2 2 0(n) tableau-based decision procedure
for determining APTL satisfiability, where {\em n\/} is
the size (number of bits) of the input formula.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "asynchronous; bounded clock rate drifting; multiclock
system model; propositional temporal logic; real-time
systems; specification; verification",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Operating Systems --- Organization and
Design (D.4.7): {\bf Real-time systems and embedded
systems}; Software --- Programming Languages --- Formal
Definitions and Theory (D.3.1): {\bf Semantics}",
}

@Article{Zave:1993:CC,
author =       "Pamela Zave and Michael Jackson",
title =        "Conjunction as composition",
journal =      j-TOSEM,
volume =       "2",
number =       "4",
pages =        "379--411",
month =        oct,
year =         "1993",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1993-2-4/p379-zave/p379-zave.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1993-2-4/p379-zave/",
abstract =     "Partial specifications written in many different
specification languages can be composed if they are all
given semantics in the same domain, or alternatively,
all translated into a common style of predicate logic.
The common semantic domain must be very general, the
particular semantics assigned to each specification
language must be conducive to composition, and there
must be some means of communication that enables
specifications to build on one another. The criteria
for success are that a wide variety of specification
languages should be accommodated, there should be no
restrictions on where boundaries between languages can
be placed, and intuitive expectations of the specifier
should be met.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
specification; practical specification",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}",
}

author =       "Rolf Adams and Walter Tichy and Annette Weinert",
title =        "The cost of selective recompilation and environment
processing",
journal =      j-TOSEM,
volume =       "3",
number =       "1",
pages =        "3--28",
month =        jan,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
note =         "See comment \cite{Brett:1995:CCS,Tichy:1995:AR}.",
abstract =     "When a single software module in a large system is
modified, a potentially large number of other modules
may have to be recompiled. By reducing both the number
of compilations and the amount of input processed by
each compilation run, the turnaround time after changes
can be reduced significantly. \par

Potential time savings are measured in a medium-sized,
industrial software project over a three-year period.
The results indicate that a large number of
compilations caused by traditional compilation unit
dependencies may be redundant. On the available data, a
mechanism that compares compiler output saves about 25
percent, smart recompilation saves 50 percent, and
smartest recompilation may save up to 80 percent of
compilation work. \par

Furthermore, all compilation methods other than
smartest recompilation process large amounts of unused
environment data. In the project analyzed, the average
environment symbols are actually used. Reading only the
actually used symbols would reduce total compiler input

Combining smart recompilation with a reduction in
environment processing might double to triple perceived
compilation speed and double linker speed, without
sacrificing static type safety.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "empirical analysis; environment processing; selective
recompilation; separate compilation; smart
recompilation; software evolution",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Software --- Software Engineering
--- Management (D.2.9): {\bf Software configuration
management}; Software --- Programming Languages ---
Processors (D.3.4); Software --- Programming Languages
--- Processors (D.3.4): {\bf Compilers}",
}

@Article{Forgacs:1994:DIF,
author =       "Istv{\'a}n Forg{\'a}cs",
title =        "Double iterative framework for flow-sensitive
interprocedural data flow analysis",
journal =      j-TOSEM,
volume =       "3",
number =       "1",
pages =        "29--55",
month =        jan,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-1/p29-forgacs/p29-forgacs.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-1/p29-forgacs/",
abstract =     "Compiler optimization, parallel processing, data flow
testing, and symbolic debugging can benefit from
interprocedural data flow analysis. However, the live,
reaching definition, and most summary data flow
problems are theoretically intractable in the
interprocedural case. A method is presented that
reduces the exponential time bound with the help of an
algorithm that solves the problem in polynomial time.
Either the resulting sets contain precise results or
the missing (or additional) results do not cause any
problems during their use. We also introduce the double
iterative framework, where one procedure is processed
at a time. The results of the intraprocedural analysis
of procedures then propagates along the edges of the
call multi-graph. In this way the intra and
interprocedural analyses are executed alternately until
there is no change in any result set. This method can
be applied to any known interprocedural data flow
problem. Here the algorithms for the kill, live
variables, and reaching definitions problems are
presented. Besides for precision, the algorithms can be
used for very large programs, and since inter and
intraprocedural analyses can be optimized separately,
the method is fast as well.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "data flow analysis; double iterative frameworks",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Data --- Files (E.5); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Programming Languages ---
Processors (D.3.4): {\bf Optimization}",
}

@Article{Morzenti:1994:OOL,
author =       "Angelo Morzenti and Pierluigi {San Pietro}",
title =        "Object-oriented logical specification of time-critical
systems",
journal =      j-TOSEM,
volume =       "3",
number =       "1",
pages =        "56--98",
month =        jan,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-1/p56-morzenti/p56-morzenti.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-1/p56-morzenti/",
abstract =     "We define TRIO +, an object-oriented logical language
for modular system specification. TRIO + is based on
TRIO, a first-order temporal language that is well
suited to the specification of embedded and real-time
systems, and that provides an effective support to a
variety of validation activities, like specification
testing, simulation, and property proof. Unfortunately,
TRIO lacks the ability to construct specifications of
complex systems in a systematic and modular way. TRIO +
combines the use of constructs for hierarchical system
decomposition and object-oriented concepts like
inheritance and genericity with an expressive and
intuitive graphic notation, yielding a specification
language that is formal and rigorous, yet still
the user's needs. After introducing and motivating the
main features of the language, we illustrate its
application to a nontrivial case study extracted from a
real-life industrial application.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Measurement; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "first-order logic; formal specifications;
model-theoretic semantics; object-oriented
methodologies; real-time systems; temporal logic",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Tools}; Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf Modules
and interfaces}; Software --- Software Engineering ---
Design Tools and Techniques (D.2.2): {\bf Software
libraries}; Software --- Operating Systems ---
Organization and Design (D.4.7): {\bf Real-time systems
and embedded systems}; Software --- Software
Engineering --- Requirements/Specifications (D.2.1):
{\bf TRIO+}",
}

@Article{Doong:1994:AAT,
author =       "Roong-Ko Doong and Phyllis G. Frankl",
title =        "The {ASTOOT} approach to testing object-oriented
programs",
journal =      j-TOSEM,
volume =       "3",
number =       "2",
pages =        "101--130",
month =        apr,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-2/p101-doong/p101-doong.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-2/p101-doong/",
testing of object-oriented programs, a set of tools
based on this approach, and two case studies. In this
approach, each test case consists of a tuple of
sequences of messages, along with tags indicating
whether these sequences should put objects of the class
under test into equivalent states and/or return objects
that are in equivalent states. Tests are executed by
sending the sequences to objects of the class under
test, then invoking a user-supplied
equivalence-checking mechanism. This approach allows
for substantial automation of many aspects of testing,
including test case generation, test driver generation,
test execution, and test checking. Experimental
prototypes of tools for test generation and test
execution are described. The test generation tool
requires the availability of an algebraic specification
of the abstract data type being tested, but the test
execution tool can be used when no formal specification
is available. Using the test execution tools, case
studies involving execution of tens of thousands of
test cases, with various sequence lengths, parameters,
and combinations of operations were performed. The
relationships among likelihood of detecting an error
and sequence length, range of parameters, and relative
frequency of various operations were investigated for
priority queue and sorted-list implementations having
subtle errors. In each case, long sequences tended to
be more likely to detect the error, provided that the
range of parameters was sufficiently large and
likelihood of detecting an error tended to increase up
to a threshold value as the parameter range
increased.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Languages; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstract data types; algebraic specification;
object-oriented programming; software testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}; Software --- Software
Engineering --- Requirements/Specifications (D.2.1):
{\bf Languages}; Software --- Programming Languages ---
Language Classifications (D.3.2): {\bf Object-oriented
languages}; Software --- Software Engineering ---
Testing and Debugging (D.2.5): {\bf Symbolic
execution}; Software --- Programming Languages ---
Language Constructs and Features (D.3.3): {\bf Abstract
data types}",
}

@Article{Dillon:1994:GIL,
author =       "L. K. Dillon and G. Kutty and L. E. Moser and P. M.
Melliar-Smith and Y. S. Ramakrishna",
title =        "A graphical interval logic for specifying concurrent
systems",
journal =      j-TOSEM,
volume =       "3",
number =       "2",
pages =        "131--165",
month =        apr,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-2/p131-dillon/p131-dillon.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-2/p131-dillon/",
is the foundation of a tool set supporting formal
specification and verification of concurrent software
systems. Experience has shown that most software
engineers find standard temporal logics difficult to
enable software engineers to specify and reason about
temporal properties of concurrent systems more easily
by providing them with a logic that has an intuitive
graphical representation and with tools that support
its use. To illustrate the use of the graphical logic,
the article provides some specifications for an
elevator system and proves several properties of the
specifications. The article also describes the tool set
and the implementation.",
acknowledgement = ack-nhfb,
generalterms = "Human Factors; Languages; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automated proof-checking; concurrent systems; formal
specifications; graphical interval logic; temporal
logic; timing diagrams; visual languages",
subject =      "Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Specification techniques};
Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Mechanical verification};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Tools};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2)",
}

@Article{Parisi-Presicce:1994:ATC,
author =       "Francesco Parisi-Presicce and Alfonso Pierantonio",
title =        "An algebraic theory of class specification",
journal =      j-TOSEM,
volume =       "3",
number =       "2",
pages =        "166--199",
month =        apr,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-2/p166-parisi-presicce/p166-parisi-presicce.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-2/p166-parisi-presicce/",
abstract =     "The notion of class (or object pattern) as defined in
most object-oriented languages is formalized using
known techniques from algebraic specifications.
Inheritance can be viewed as a relation between
classes, which suggests how classes can be arranged in
hierarchies. The hierarchies contain two kinds of
information: on the one hand, they indicate how
programs are structured and how code is shared among
classes; on the other hand, they give information about
compatible assignment rules, which are based on
subtyping. In order to distinguish between code
sharing, which is related to implementational aspects,
and functional specialization, which is connected to
the external behavior of objects, we introduce an
algebraic specification-based formalism, by which one
can specify the behavior of a class and state when a
class inherits another one. It is shown that reusing
inheritance can be reduced to specialization
inheritance with respect to a virtual class. The class
model and the two distinct aspects of inheritance allow
the definition of {\em clean\/} interconnection
mechanisms between classes leading to new classes which
inherit from old classes their correctness and their
semantics.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "algebraic specifications; inheritance; interconnection
mechanisms; modularity",
subject =      "Software --- Programming Techniques ---
Object-oriented Programming (D.1.5); Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Methodologies (e.g., object-oriented,
structured)}; Software --- Software Engineering ---
Design** (D.2.10): {\bf Methodologies**}; Software ---
Programming Languages --- Formal Definitions and Theory
(D.3.1); Software --- Programming Languages ---
Language Constructs and Features (D.3.3): {\bf Abstract
data types}; Software --- Programming Languages ---
Language Constructs and Features (D.3.3): {\bf Modules,
packages}; Theory of Computation --- Logics and
Meanings of Programs --- Semantics of Programming
Languages (F.3.2): {\bf Algebraic approaches to
semantics}",
}

@Article{Bernhard:1994:RTS,
author =       "Philip J. Bernhard",
title =        "A reduced test suite for protocol conformance
testing",
journal =      j-TOSEM,
volume =       "3",
number =       "3",
pages =        "201--220",
month =        jul,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-3/p201-bernhard/p201-bernhard.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-3/p201-bernhard/",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Reliability; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "heuristics",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2); Computer Systems Organization --- Performance
of Systems (C.4)",
}

@Article{Cheon:1994:LSI,
author =       "Yoonsik Cheon and Gary T. Leavens",
title =        "The {Larch\slash Smalltalk} interface specification
language",
journal =      j-TOSEM,
volume =       "3",
number =       "3",
pages =        "221--253",
month =        jul,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-3/p221-cheon/p221-cheon.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-3/p221-cheon/",
acknowledgement = ack-nhfb,
generalterms = "Design; Documentation; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal methods; interface specification;
Larch/Smalltalk; Smalltalk; specification inheritance;
subtype; verification",
subject =      "Software --- Programming Languages --- Language
Classifications (D.3.2): {\bf Larch}; Software ---
Programming Languages --- Language Classifications
(D.3.2): {\bf Smalltalk}; Software --- Software
Engineering --- Design Tools and Techniques (D.2.2);
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Assertions}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Invariants}; Theory of Computation ---
Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1): {\bf
Pre- and post-conditions}; Theory of Computation ---
Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1): {\bf
Specification techniques}",
}

@Article{Jeng:1994:SDT,
author =       "Bingchiang Jeng and Elaine J. Weyuker",
title =        "A simplified domain-testing strategy",
journal =      j-TOSEM,
volume =       "3",
number =       "3",
pages =        "254--270",
month =        jul,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-3/p254-jeng/p254-jeng.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-3/p254-jeng/",
acknowledgement = ack-nhfb,
generalterms = "Reliability; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "domain testing; software testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5)",
}

@Article{Creveuil:1994:FSD,
author =       "Christian Creveuil and Gruia-Catalin Roman",
title =        "Formal specification and design of a message router",
journal =      j-TOSEM,
volume =       "3",
number =       "4",
pages =        "271--307",
month =        oct,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-4/p271-creveuil/p271-creveuil.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-4/p271-creveuil/",
abstract =     "Formal derivation refers to a family of design
techniques that entail the development of programs
which are guaranteed to be correct by construction.
Only limited industrial use of such techniques (e.g.,
UNITY-style specification refinement) has been reported
in the literature, and there is a great need for
methodological developments aimed at facilitating their
the formal specification and design of a message router
in an attempt to identify those methodological elements
that are likely to contribute to successful industrial
uses of program derivation. Although the message router
cannot be characterized as being industrial grade, it
is a sophisticated problem that poses significant
specification and design challenges--its apparent
simplicity is rather deceiving. The main body of the
article consists of a complete formal specification of
the router and a series of successive refinements that
eventually lead to an immediate construction of a
correct UNITY program. Each refinement is accompanied
by its design rationale and is explained in a manner
accessible to a broad audience. We use this example to
make the case that program derivation provides a good
basis for introducing rigor in the design strategy,
regardless of the degrees of formality one is willing
to consider.",
acknowledgement = ack-nhfb,
generalterms = "Design; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal methods; program derivation; specification
refinement; UNITY",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3): {\bf Distributed programming};
Software --- Programming Techniques --- Concurrent
Programming (D.1.3): {\bf Parallel programming};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Software/Program Verification
(D.2.4): {\bf Correctness proofs}; Software ---
Software Engineering --- Design** (D.2.10): {\bf
Methodologies**}",
}

@Article{Felder:1994:VRT,
author =       "Miguel Felder and Angelo Morzenti",
title =        "Validating real-time systems by history-checking
{TRIO} specifications",
journal =      j-TOSEM,
volume =       "3",
number =       "4",
pages =        "308--339",
month =        oct,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-4/p308-felder/p308-felder.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-4/p308-felder/",
abstract =     "We emphasize the importance of formal executable
specifications in the development of real-time systems,
as a means to assess the adequacy of the requirements
before a costly development process takes place. TRIO
is a first-order temporal logic language for executable
specification of real-time systems that deals with time
in a quantitative way by providing a metric to indicate
distance in time between events and length of time
intervals. We summarize the language and its
model-parametric semantics. Then we present an
algorithm to perform history checking, i.e., to check
that a history of the system satisfies the
specification. This algorithm can be used as a basis
for an effective specification testing tool. The
algorithm is described; an estimation of its complexity
is provided; and the main functionalities of the tool
are presented, together with sample test cases.
Finally, we draw conclusions and indicate directions of
future research.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "first-order logic; formal specifications;
model-theoretic semantics; requirements validation",
subject =      "Computer Systems Organization --- Special-Purpose and
Application-Based Systems (C.3): {\bf Real-time and
embedded systems}; Software --- Software Engineering
--- Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Software/Program Verification
(D.2.4): {\bf Validation}; Software --- Operating
Systems --- Organization and Design (D.4.7): {\bf
Real-time systems and embedded systems}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Mechanical verification}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Specification techniques}",
}

@Article{Duri:1994:AEE,
author =       "S. Duri and U. Buy and R. Devarapalli and S. M.
Shatz",
title =        "Application and experimental evaluation of state space
journal =      j-TOSEM,
volume =       "3",
number =       "4",
pages =        "340--380",
month =        oct,
year =         "1994",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1994-3-4/p340-duri/p340-duri.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1994-3-4/p340-duri/",
abstract =     "An emerging challenge for software engineering is the
development of the methods and tools to aid design and
analysis of concurrent and distributed software. Over
the past few years, a number of analysis methods that
methods are based on some form of reachability
analysis, which has the advantage of being conceptually
simple, but the disadvantage of being computationally
expensive. We explore the effectiveness of various
Petri net-based techniques for the automated deadlock
analysis of Ada programs. Our experiments consider a
variety of state space reduction methods both
individually and in various combinations. The
experiments are applied to a number of classical
concurrent programs as well as a set of real-world''
programs. The results indicate that Petri net reduction
and reduced state space generation are mutually
beneficial techniques, and that combined approaches
based on Petri net models are quite effective, compared
to alternative analysis approaches.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
space explosion",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3): {\bf Distributed programming};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf Petri
nets}; Software --- Software Engineering --- Testing
and Debugging (D.2.5): {\bf Debugging aids}",
}

@Article{Binkley:1995:PIL,
author =       "David Binkley and Susan Horwitz and Thomas Reps",
title =        "Program integration for languages with procedure
calls",
journal =      j-TOSEM,
volume =       "4",
number =       "1",
pages =        "3--35",
month =        jan,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-1/p3-binkley/p3-binkley.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-1/p3-binkley/",
abstract =     "Given a program Base and two variants, A and B, each
created by modifying separate copies of Base, the goal
of program integration is to determine whether the
modifications interfere, and if they do not, to create
an integrated program that incorporates both sets of
changes as well as the portions of Base preserved in
both variants. Text-based integration techniques, such
as the one used by the Unix {\em diff3\/} utility, are
obviously unsatisfactory because one has no guarantees
about how the execution behavior of the integrated
program relates to the behaviors of Base, A, and B. The
first program integration algorithm to provide such
guarantees was developed by Horwitz, Prins, and Reps.
However, a limitation of that algorithm is that it only
applied to programs written in a restricted
language--in particular, the algorithm does not handle
generalization of the Horwitz-Prins-Reps algorithm that
handles programs that consist of multiple (and possibly
mutually recursive) procedures. \par

We show that two straightforward generalizations of the
Horwitz-Prins-Reps algorithm yield unsatisfactory
results. The key issue in developing a satisfactory
algorithm is how to take into account different calling
contexts when determining what has changed in the
variants A and B. Our solution to this problem involves
identifying two different kinds of affected components
of A and B: those affected regardless of how the
procedure is called, and those affected by a changed or
new calling context. The algorithm makes use of
interprocedural program slicing to identify these
components, as well as components in Base, A, and B
with the same behavior.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Languages; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "control dependence; data dependence; data-flow
analysis; flow-insensitive summary information; program
dependence graph; program slicing; semantics-based
program integration",
subject =      "Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf Version
control}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Restructuring, reverse engineering, and
reengineering}; Software --- Software Engineering ---
Management (D.2.9); Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf
Programmer workbench**}; Software --- Software
Engineering --- Coding Tools and Techniques (D.2.3):
{\bf Program editors}; Software --- Programming
Languages --- Language Constructs and Features (D.3.3);
Software --- Programming Languages --- Processors
(D.3.4): {\bf Compilers}",
}

@Article{Howden:1995:STA,
author =       "W. E. Howden and Yudong Huang",
title =        "Software trustability analysis",
journal =      j-TOSEM,
volume =       "4",
number =       "1",
pages =        "36--64",
month =        jan,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-1/p36-howden/p36-howden.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-1/p36-howden/",
abstract =     "A measure of software dependability called
trustability is described. A program p has trustability
T if we are at least T confident that p is free of
faults. Trustability measurement depends on
detectability. The detectability of a method is the
probability that it will detect faults, when there are
faults present. Detectability research can be used to
characterize conditions under which one testing and
analysis method is more effective than another. Several
detectability results that were only previously
described informally, and illustrated by example, are
proved. Several new detectability results are also
proved. The trustability model characterizes the kind
of information that is needed to justify a given level
of trustability. When the required information is
available, the trustability approach can be used to
determine strategies in which methods are combined for
maximum effectiveness. It can be used to determine the
minimum amount of resources needed to guarantee a
required degree of trustability, and the maximum
trustability that is achievable with a given amount of
resources. Theorems proving several optimization
results are given. Applications of the trustability
model are discussed. Methods for the derivation of
detectability factors, the relationship between
trustability and operational reliability, and the
relationship between the software development process
and trustability are described.",
acknowledgement = ack-nhfb,
generalterms = "Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "analysis; dependability; detectability; failure
density; statistical; testability; testing;
trustability",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
}

@Article{Young:1995:CAT,
author =       "Michal Young and Richard N. Taylor and David L. Levine
and Kari A. Nies and Debra Brodbeck",
title =        "A concurrency analysis tool suite for {Ada} programs:
rationale, design, and preliminary experience",
journal =      j-TOSEM,
volume =       "4",
number =       "1",
pages =        "65--106",
month =        jan,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-1/p65-young/p65-young.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-1/p65-young/",
abstract =     "Cats (Concurrency Analysis Tool Suite) is designed to
satisfy several criteria: it must analyze
implementation-level Ada source code and check
user-specified conditions associated with program
source code; it must be modularized in a fashion that
supports flexible composition with other tool
components, including integration with a variety of
testing and analysis techniques; and its performance
and capacity must be sufficient for analysis of real
application programs. Meeting these objectives together
is significantly more difficult than meeting any of
them alone. We describe the design and rationale of
Cats and report experience with an implementation. The
issues addressed here are primarily practical concerns
for modularizing and integrating tools for analysis of
actual source programs. We also report successful
application of Cats to major subsystems of a (nontoy)
highly concurrent user interface system.",
acknowledgement = ack-nhfb,
generalterms = "Design; Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Ada; concurrency; software development environments;
static analysis; tool integration",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Software Engineering
--- Testing and Debugging (D.2.5); Software ---
Software Engineering --- Programming Environments
(D.2.6); Software --- Programming Languages ---
Language Classifications (D.3.2): {\bf Concurrent,
distributed, and parallel languages}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Concurrent programming
structures}",
}

author =       "Daniel Jackson",
title =        "Aspect: detecting bugs with abstract dependences",
journal =      j-TOSEM,
volume =       "4",
number =       "2",
pages =        "109--145",
month =        apr,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-2/p109-jackson/p109-jackson.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-2/p109-jackson/",
abstract =     "Aspect is a static analysis technique for detecting
bugs in imperative programs, consisting of an
annotation language and a checking tool. Like a type
declaration, an Aspect annotation of a procedure is a
kind of declarative, partial specification that can be
checked efficiently in a modular fashion. But instead
of constraining the types of arguments and results,
Aspect specifications assert dependences that should
hold between inputs and outputs. The checker uses a
simple dependence analysis to check code against
annotations and can find bugs automatically that are
not detectable by other static means, especially errors
of omission, which are common, but resistant to type
shows how it is elaborated to handle data abstraction
and aliasing.",
acknowledgement = ack-nhfb,
generalterms = "Documentation; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "dataflow dependences; partial specification; partial
verification",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Assertion checkers};
Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Symbolic execution}; Software
--- Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Abstract data types}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Assertions}; Theory of Computation ---
Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1): {\bf
Mechanical verification}; Theory of Computation ---
Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1): {\bf
Pre- and post-conditions}",
}

@Article{Zaremski:1995:SMT,
author =       "Amy Moormann Zaremski and Jeannette M. Wing",
title =        "Signature matching: a tool for using software
libraries",
journal =      j-TOSEM,
volume =       "4",
number =       "2",
pages =        "146--170",
month =        apr,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-2/p146-zaremski/p146-zaremski.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-2/p146-zaremski/",
abstract =     "{\em Signature matching\/} is a method for organizing,
navigating through, and retrieving from software
libraries. We consider two kinds of software library
components--functions and modules--and hence two kinds
of matching--function matching and module matching. The
signature of a function is simply its type; the
signature of a module is a multiset of user-defined
types and a multiset of function signatures. For both
functions and modules, we consider not just {\em
exact\/} match but also various flavors of {\em
relaxed\/} match. We describe various applications of
signature matching as a tool for using software
libraries, inspired by the use of our implementation of
a function signature matcher written in Standard ML.",
acknowledgement = ack-nhfb,
generalterms = "Design",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "signature matching; software retrieval",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering --- Miscellaneous
(D.2.m): {\bf Reusable software**}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Data types and structures};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Software libraries}",
}

@Article{Pezze:1995:GMR,
author =       "Mauro Pezz{\e} and Richard N. Taylor and Michal
Young",
title =        "Graph models for reachability analysis of concurrent
programs",
journal =      j-TOSEM,
volume =       "4",
number =       "2",
pages =        "171--213",
month =        apr,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-2/p171-pezze/p171-pezze.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-2/p171-pezze/",
abstract =     "The problem of analyzing concurrent systems has been
investigated by many researchers, and several solutions
have been proposed. Among the proposed techniques,
reachability analysis--systematic enumeration of
reachable states in a finite-state model--is attractive
because it is conceptually simple and relatively
straightforward to automate and can be used in
conjunction with model-checking procedures to check for
application-specific as well as general properties.
from source code to a modeling formalism is of greater
practical importance than the underlying formalism.
Features identified as pragmatically important are the
representation of internal choice, selection of a
dynamic or static matching rule, and the ease of
applying reductions. Since combinatorial explosion is
the primary impediment to application of reachability
analysis, a particular concern in choosing a model is
facilitating divide-and-conquer analysis of large
programs. Recently, much interest in finite-state
verification systems has centered on algebraic theories
of concurrency. Algebraic structure can be used to
decompose reachability analysis based on a flowgraph
model. The semantic equivalence of graph and Petri
net-based models suggests that one ought to be able to
apply a similar strategy for decomposing Petri nets. We
describe how category-theoretic treatments of Petri
nets provide a basis for decomposition of Petri net
reachability analysis.",
acknowledgement = ack-nhfb,
generalterms = "Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3); Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf Petri
nets}; Software --- Software Engineering --- Testing
and Debugging (D.2.5): {\bf Debugging aids}; Software
--- Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Concurrent programming
structures}; Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
Reasoning about Programs (F.3.1): {\bf Mechanical
verification}",
}

@Article{Brett:1995:CCS,
author =       "Bevin R. Brett",
title =        "Comments on {The cost of selective recompilation and
environment processing''}",
journal =      j-TOSEM,
volume =       "4",
number =       "2",
pages =        "214--216",
month =        apr,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-2/p214-brett/p214-brett.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-2/p214-brett/",
acknowledgement = ack-nhfb,
generalterms = "Languages; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Programming Languages --- Processors
(D.3.4): {\bf Compilers}; Software --- Software
Engineering --- Programming Environments (D.2.6);
Software --- Software Engineering --- Management
(D.2.9): {\bf Software configuration management};
Software --- Programming Languages --- Processors
(D.3.4)",
}

@Article{Tichy:1995:AR,
author =       "Walter Tichy and Rolf Adams and Annette Weinert",
title =        "Authors' response",
journal =      j-TOSEM,
volume =       "4",
number =       "2",
pages =        "217--219",
month =        apr,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-2/p217-tichy/p217-tichy.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-2/p217-tichy/",
acknowledgement = ack-nhfb,
generalterms = "Languages; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Programming Languages --- Processors
(D.3.4): {\bf Compilers}; Software --- Software
Engineering --- Programming Environments (D.2.6);
Software --- Software Engineering --- Management
(D.2.9): {\bf Software configuration management};
Software --- Programming Languages --- Processors
(D.3.4)",
}

@Article{Sutton:1995:ALS,
author =       "Stanley M. Sutton and Dennis Heimbigner and Leon J.
Osterweil",
title =        "{APPL/A}: a language for software process
programming",
journal =      j-TOSEM,
volume =       "4",
number =       "3",
pages =        "221--286",
month =        jul,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-3/p221-sutton/p221-sutton.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-3/p221-sutton/",
abstract =     "Software process programming is the coding of software
processes in executable programming languages. Process
programming offers many potential benefits, but their
realization has been hampered by a lack of experience
in the design and use of process programming languages.
APPL/A is a prototype software process programming
language developed to help gain this experience. It is
intended for the coding of programs to represent and
support software processes including process, product,
and project management. APPL/A is defined as an
programmable relations, concurrent triggers on relation
operations (for reactive control), optionally and
dynamically enforceable predicates on relations (which
may serve as constraints), and composite statements
that provide alternative combinations of
serializability, atomicity, and consistency enforcement
(for programming high-level transactions). APPL/A has
been used to code engineering-oriented applications,
like requirements specification and design, as well as
management-related activities, such as personnel
assignment, task scheduling, and project monitoring.
APPL/A has also enabled us to experiment with process
program design techniques and architectures, including
process state reification, intermittent (or persistent)
processes, reflexive and metaprocesses, and
multiple-process systems. Our ability to address a wide
range of software processes and process characteristics
indicates that the APPL/A constructs represent
important and general capabilities for software process
programming. \par

-- {\em Authors' Abstract\/}",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "consistency management; multiparadigm programming
languages; software process programming; transaction
management",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Programming Languages
--- Language Classifications (D.3.2): {\bf Ada};
Software --- Programming Languages --- Language
Classifications (D.3.2): {\bf APPL}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3); Information Systems --- Database
Management --- Languages (H.2.3): {\bf Database
(persistent) programming languages}",
}

@Article{Callison:1995:TSO,
author =       "H. Rebecca Callison",
title =        "A time-sensitive object model for real-time systems",
journal =      j-TOSEM,
volume =       "4",
number =       "3",
pages =        "287--317",
month =        jul,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-3/p287-callison/p287-callison.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-3/p287-callison/",
abstract =     "Process-oriented models for real-time systems focus on
the timing constraints of {\em processes}, a focus that
can adversely affect resulting designs. Data
dependencies between processes create scheduling
interactions that limit the times at which processes
may execute. Processes are then designed to fit
available windows in the overall system schedule.
Fitting in'' frequently involves fragmenting
processes to fit scheduling windows and/or designing
program and data structures for speed rather than for
program comprehension. The result is often a system
with very sensitive timing that is hard to understand
and maintain. As an alternative to process-oriented
design, we present time-sensitive objects: a
data-oriented model for real-time systems. The
time-sensitive object (TSO) model structures systems as
time-constrained data, rather than time constrained
processing. Object values are extended to object
histories in which a sequence of time constrained
values describe the evolution of the object over time.
Systems comprise a set of objects and their
dependencies. The TSO model describes the effects of
object operations and the propagation of change among
related objects. Periodic objects, a class of objects
within the TSO model, are described in detail in this
article and compared with traditional periodic
processes. Advantages of time-sensitive objects are
identified, including greater scheduling independence
when processes have data dependencies, more opportunity
for concurrency, and greater inherent capability for
detection of and tolerance to timing errors.",
acknowledgement = ack-nhfb,
generalterms = "Design; Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concurrency; fault tolerance; object models;
programming techniques; real-time processing models;
timing constraints",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3); Software --- Software Engineering
--- Design** (D.2.10); Software --- Operating Systems
--- Reliability (D.4.5): {\bf Fault-tolerance};
Software --- Operating Systems --- Organization and
Design (D.4.7): {\bf Real-time systems and embedded
systems}",
}

@Article{Abowd:1995:FSU,
author =       "Gregory D. Abowd and Robert Allen and David Garlan",
title =        "Formalizing style to understand descriptions of
software architecture",
journal =      j-TOSEM,
volume =       "4",
number =       "4",
pages =        "319--364",
month =        oct,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-4/p319-abowd/p319-abowd.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-4/p319-abowd/",
abstract =     "The software architecture of most systems is usually
described informally and diagrammatically by means of
boxes and lines. In order for these descriptions to be
meaningful, the diagrams are understood by interpreting
the boxes and lines in specific, conventionalized ways.
The informal, imprecise nature of these interpretations
consider these conventionalized interpretations as
architectural styles and provide a formal framework for
their uniform definition. In addition to providing a
template for precisely defining new architectural
styles, this framework allows for analysis within and
between different architectural styles.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "software architecture; Z notation",
subject =      "Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Specification techniques};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Z}; Theory of
Computation --- Logics and Meanings of Programs ---
Semantics of Programming Languages (F.3.2): {\bf
Denotational semantics}; Software --- Software
Engineering --- Design Tools and Techniques (D.2.2);
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Languages}; Software --- Software
Engineering --- Design Tools and Techniques (D.2.2):
{\bf Modules and interfaces}",
}

@Article{Jackson:1995:SZS,
author =       "Daniel Jackson",
title =        "Structuring {Z} specifications with views",
journal =      j-TOSEM,
volume =       "4",
number =       "4",
pages =        "365--389",
month =        oct,
year =         "1995",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1995-4-4/p365-jackson/p365-jackson.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1995-4-4/p365-jackson/",
abstract =     "A view is a partial specification of a program,
consisting of a state space and a set of operations. A
full specification is obtained by composing several
views, linking them through their states (by asserting
invariants across views) and through their operations
(by defining external operations as combinations of
operations from different views). By encouraging
multiple representations of the program's state, view
structuring lends clarity and terseness to the
specification of operations. And by separating
different aspects of functionality, it brings
modularity at the grossest level of organization, so
that specifications can accommodate change more
gracefully. View structuring in Z is demonstrated with
a few small examples. Both the features of Z that lend
themselves to view structuring and those that are a
hindrance are discussed.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal specification; implicit definition; views; Z",
subject =      "Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Specification techniques};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Design** (D.2.10): {\bf
Representation**}; Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf Modules
and interfaces}; Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Z}",
}

@Article{vandenBrand:1996:GFC,
author =       "Mark van den Brand and Eelco Visser",
title =        "Generation of formatters for context-free languages",
journal =      j-TOSEM,
volume =       "5",
number =       "1",
pages =        "1--41",
month =        jan,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Oct 31 06:33:29 2003",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-1/p1-van\_den\_brand/p1-van\_den\_brand.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-1/p1-van\_den\_brand/;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-1/p1-van_den_brand/",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Devanbu:1996:GTA,
author =       "Premkumar T. Devanbu and David S. Rosenblum and
Alexander L. Wolf",
title =        "Generating testing and analysis tools with {Aria}",
journal =      j-TOSEM,
volume =       "5",
number =       "1",
pages =        "42--62",
month =        jan,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-1/p42-devanbu/p42-devanbu.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-1/p42-devanbu/",
abstract =     "Many software testing and analysis tools manipulate
graph representations of programs, such as abstract
syntax trees or abstract semantics graphs. Handcrafting
such tools in conventional programming languages can be
difficult, error prone, and time consuming. Our
approach is to use application generators targeted for
the domain of graph-representation-based testing and
analysis tools. Moreover, we generate the generators
themselves, so that the development of tools based on
different languages and/or representations can also be
experiences in developing and using a system called
Aria that generates testing and analysis tools based on
an abstract semantics graph representation for C and
C++ called Reprise. Aria itself was generated by the
Genoa system. We demonstrate the utility of Aria and,
thereby, the power of our approach, by showing Aria's
use in the development of a number of useful testing
and analysis tools.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Design; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "application generators; Aria; Genoa; program
dependence graphs; program representations; Reprise;
software analysis; software testing; tools",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Software libraries}; Software
--- Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Control structures}; Software
--- Programming Languages --- Processors (D.3.4): {\bf
Code generation}; Data --- Data Structures (E.1): {\bf
Graphs and networks}; Software --- Programming
Languages --- Language Constructs and Features (D.3.3):
{\bf Data types and structures}; Software ---
Programming Languages --- Processors (D.3.4): {\bf
Parsing}; Software --- Software Engineering --- Metrics
(D.2.8): {\bf Complexity measures}; Software ---
Software Engineering --- Testing and Debugging
(D.2.5)",
}

@Article{Ferguson:1996:CAS,
author =       "Roger Ferguson and Bogdan Korel",
title =        "The chaining approach for software test data
generation",
journal =      j-TOSEM,
volume =       "5",
number =       "1",
pages =        "63--86",
month =        jan,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-1/p63-ferguson/p63-ferguson.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-1/p63-ferguson/",
abstract =     "Software testing is very labor intensive and expensive
and accounts for a significant portion of software
system development cost. If the testing process could
be automated, the cost of developing software could be
significantly reduced. Test data generation in program
testing is the process of identifying a set of test
data that satisfies a selected testing criterion, such
as statement coverage and branch coverage. In this
article we present a {\em chaining approach\/} for
automated software test data generation which builds on
the current theory of execution-oriented test data
generation. In the chaining approach, test data are
derived based on the actual execution of the program
under test. For many programs, the execution of the
selected statement may require prior execution of some
other statements. The existing methods of test data
generation may not efficiently generate test data for
these types of programs because they only use control
flow information of a program during the search
process. The chaining approach uses data dependence
analysis to guide the search process, i.e., data
dependence analysis automatically identifies statements
that affect the execution of the selected statement.
The chaining approach uses these statements to form a
sequence of statements that is to be executed prior to
the execution of the selected statement. The
experiments have shown that the chaining approach may
significantly improve the chances of finding test data
as compared to the existing methods of automated test
data generation.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Measurement; Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "data dependency; dynamic analysis; heuristics; program
execution",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}",
}

@Article{Weyuker:1996:UFC,
author =       "Elaine J. Weyuker",
title =        "Using failure cost information for testing and
reliability assessment",
journal =      j-TOSEM,
volume =       "5",
number =       "2",
pages =        "87--98",
month =        apr,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-2/p87-weyuker/p87-weyuker.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-2/p87-weyuker/",
abstract =     "A technique for incorporating failure cost information
into algorithms designed to automatically generate
software-load-testing suites is presented. A previously
introduced reliability measure is also modified to
incorporate this cost information. examples are
presented to show the usefulness of including cost
information when testing or assessing software.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Measurement; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "failure cost; software testing; test case selection",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Software --- Software Engineering
--- General (D.2.0)",
}

@Article{Offutt:1996:EDS,
author =       "A. Jefferson Offutt and Ammei Lee and Gregg Rothermel
and Roland H. Untch and Christian Zapf",
title =        "An experimental determination of sufficient mutant
operators",
journal =      j-TOSEM,
volume =       "5",
number =       "2",
pages =        "99--118",
month =        apr,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-2/p99-offutt/p99-offutt.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-2/p99-offutt/",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Measurement; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5)",
}

author =       "Francesco Bergadano and Daniele Gunetti",
title =        "Testing by means of inductive program learning",
journal =      j-TOSEM,
volume =       "5",
number =       "2",
pages =        "119--145",
month =        apr,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "program induction by examples",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Computing Methodologies ---
Artificial Intelligence --- Learning (I.2.6)",
}

@Article{Snelting:1996:RCB,
author =       "Gregor Snelting",
title =        "Reengineering of configurations based on mathematical
concept analysis",
journal =      j-TOSEM,
volume =       "5",
number =       "2",
pages =        "146--189",
month =        apr,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-2/p146-snelting/p146-snelting.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-2/p146-snelting/",
acknowledgement = ack-nhfb,
generalterms = "Design; Management; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concept analysis; concept lattices",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6): {\bf Interactive environments};
Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7); Software ---
Software Engineering --- Management (D.2.9): {\bf
Software configuration management}",
}

@Article{Cugola:1996:FFI,
author =       "Gianpaolo Cugola and Elisabetta {Di Nitto} and Alfonso
Fuggetta and Carlo Ghezzi",
title =        "A framework for formalizing inconsistencies and
deviations in human-centered systems",
journal =      j-TOSEM,
volume =       "5",
number =       "3",
pages =        "191--230",
month =        jul,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-3/p191-cugola/p191-cugola.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-3/p191-cugola/",
abstract =     "Most modern business activities are carried out by a
combination of computerized tools and human agents.
Typical examples are engineering design activities,
office procedures, and banking systems. All these {\em
human-centered systems\/} are characterized by the
interaction among people, and between people and
computerized tools. This interaction defines a process,
whose effectiveness is essential to ensure the quality
of the delivered products and/or services. To support
these systems, process-centered environments and
workflow management systems have been recently
developed. They can be collectively identified with the
term {\em process technology}. This technology is based
on the explicit definition of the process to be
followed (the {\em process model\/} ). The model
specifies the kind of support that has to be provided
to human agents. An essential property that process
technology mut exhibit is the ability of tolerating,
controlling, and supporting {\em deviations\/} and {\em
inconsistencies\/} of the real-world behaviors with
respect to the process model. This is necessary to
provide consistent and effective support to the
human-centered system, still maintaining a high degree
of flexibility and adaptability to the evolving needs,
preferences, an expertise of the human agents. This
article presents a formal framework to characterize the
interaction between a human-centered system and its
automated support. It does not aim at introducing a new
language or system to describe processes. Rather, it
aims at identifying the basic properties and features
that make it possible to formally define the concepts
of inconsistency and deviation. This formal framework
can then be used to compare existing solutions and
guide future research work.",
acknowledgement = ack-nhfb,
generalterms = "Design; Human Factors; Management; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "business processes; deviation; formal model;
human-centered systems; inconsistency; software
processes",
subject =      "Information Systems --- Models and Principles ---
User/Machine Systems (H.1.2); Software --- Software
Engineering --- Programming Environments (D.2.6);
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3)",
}

@Article{Heitmeyer:1996:ACC,
author =       "Constance L. Heitmeyer and Ralph D. Jeffords and Bruce
G. Labaw",
title =        "Automated consistency checking of requirements
specifications",
journal =      j-TOSEM,
volume =       "5",
number =       "3",
pages =        "231--261",
month =        jul,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-3/p231-heitmeyer/p231-heitmeyer.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-3/p231-heitmeyer/",
called {\em consistency checking}, for automatic
detection of errors, such as type errors,
nondeterminism, missing cases, and circular
definitions, in requirements specifications. The
technique is designed to analyze requirements
specifications expressed in the SCR (Software Cost
Reduction) tabular notation. As background, the SCR
approach to specifying requirements is reviewed. To
provide a formal semantics for the SCR notation and a
foundation for consistency checking, a formal
requirements model is introduced; the model represents
a software system as a finite-state automation which
produces externally visible outputs in response to
changes in monitored environmental quantities. Results
of two experiments are presented which evaluated the
utility and scalability of our technique for
consistency checking in real-world avionics
application. The role of consistency checking during
the requirements phase of software development is
discussed.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Management; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "application-independent properties; consistency
checking; formal requirements modeling; software cost
reduction methodology; tabular notations",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4); Software --- Software Engineering
--- Requirements/Specifications (D.2.1); Computing
Milieux --- Management of Computing and Information
Systems --- Software Management (K.6.3); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2)",
}

@Article{Murphy:1996:LLS,
author =       "Gail C. Murphy and David Notkin",
title =        "Lightweight lexical source model extraction",
journal =      j-TOSEM,
volume =       "5",
number =       "3",
pages =        "262--292",
month =        jul,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-3/p262-murphy/p262-murphy.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-3/p262-murphy/",
abstract =     "Software engineers maintaining an existing software
system often depend on the mechanized extraction of
information from system artifacts. Some useful kinds of
information--source models--are well known: call
graphs, file dependences, etc. Predicting every kind of
source model that a software engineer may need is
impossible. We have developed a lightweight approach
for generating flexible and tolerant source model
extractors from lexical specifications. The approach is
lightweight in that the specifications are relatively
small and easy to write. It is flexible in that there
are few constraints on the kinds of artifacts from
which source models are extracted (e.g., we can extract
from source code, structured data files, documentation,
etc.). It is tolerant in that there are few constraints
on the condition of the artifacts. For example, we can
extract from source that cannot necessarily be
compiled. Our approach extended the kinds of source
models that can be easily produced from lexical
information while avoiding the constraints and
brittleness of most parser-based approaches. We have
developed tools to support this approach and applied
the tools to the extraction of a number of different
source models (file dependences, event interactions,
call graphs) from a variety of system artifacts (C,
C++, CLOS, Eiffel. TCL, structured data). We discuss
our approach and describe its application to extract
source models not available using existing systems; for
example, we compute the implicitly-invokes relation
over Field tools. We compare and contrast our approach
to the conventional lexical and syntactic approaches of
generating source models.",
acknowledgement = ack-nhfb,
generalterms = "Design; Experimentation; Languages; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "lexical analysis; lexing; reverse engineering; scanner
generation; scanning; software maintenance; source code
analysis; source model; static analysis",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Programming Languages
--- Processors (D.3.4); Software --- Software
Engineering --- General (D.2.0)",
}

@Article{Harel:1996:SSS,
author =       "David Harel and Amnon Naamad",
title =        "The {STATEMATE} semantics of statecharts",
journal =      j-TOSEM,
volume =       "5",
number =       "4",
pages =        "293--333",
month =        oct,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-4/p293-harel/p293-harel.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-4/p293-harel/",
abstract =     "We describe the semantics of statecharts as
implemented in the STATEMATE system. This was the first
executable semantics defined for the language and has
been in use for almost a decade. In terms of the
controversy around whether changes made in a given step
should take effect in the current step or in the next
one, this semantics adopts the latter approach.",
acknowledgement = ack-nhfb,
generalterms = "Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "behavioral modeling; reactive system; semantics;
statechart; STATEMATE",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Programming Languages
--- Formal Definitions and Theory (D.3.1): {\bf
Semantics}; Theory of Computation --- Logics and
Meanings of Programs --- Semantics of Programming
Languages (F.3.2)",
}

@Article{Cheung:1996:CCC,
author =       "Shing Chi Cheung and Jeff Kramer",
title =        "Context constraints for compositional reachability
analysis",
journal =      j-TOSEM,
volume =       "5",
number =       "4",
pages =        "334--377",
month =        oct,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-4/p334-cheung/p334-cheung.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-4/p334-cheung/",
abstract =     "Behavior analysis of complex distributed systems has
led to the search for enhanced reachability analysis
techniques which support modularity and which control
the state explosion problem. While modularity has been
achieved, state explosion in still a problem. Indeed,
this problem may even be exacerbated, as a locally
minimized subsystem may contain many states and
transitions forbidden by its environment or context.
Context constraints, specified as interface processes,
are restrictions imposed by the environment on
subsystem behavior. Recent research has suggested that
the state explosion problem can be effectively
controlled if context constraints are incorporated in
compositional reachability analysis (CRA). Although
theoretically very promising, the approach has rarely
been used in practice because it generally requires a
more complex computational model and does not contain a
mechanism to derive context constraints automatically.
approach while using a similar computational model to
that of CRA. Context constraints are derived
automatically, based on a set of sufficient conditions
for these constraints to be transparently included when
building reachability graphs. As a result, the global
reachability graph generated using the derived
constraints is shown to be observationally equivalent
to that generated by CRA without the inclusion of
context constraints. Constraints can also be specified
explicitly by users, based on their application
knowledge. Erroneous constraints which contravene
transparency can be identified together with an
indication of the error sources. User-specified
constraints can be combined with those generated
automatically. The technique is illustrated using a
clients/server system and other examples.",
acknowledgement = ack-nhfb,
generalterms = "Design; Reliability; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "compositional techniques; concurrency; context
constraints; distributed systems; labeled transition
systems; reachability analysis; state space reduction;
static analysis; validation",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Programming Languages ---
Language Classifications (D.3.2): {\bf Concurrent,
distributed, and parallel languages}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Concurrent programming
structures}; Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
}

@Article{Barrett:1996:FEB,
author =       "Daniel J. Barrett and Lori A. Clarke and Peri L. Tarr
and Alexander E. Wise",
title =        "A framework for event-based software integration",
journal =      j-TOSEM,
volume =       "5",
number =       "4",
pages =        "378--421",
month =        oct,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-4/p378-barrett/p378-barrett.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-4/p378-barrett/",
abstract =     "Although event-based software integration is one of
the most prevalent approaches to loose integration, no
consistent model for describing it exists. As a result,
there is no uniform way to discuss event-based
integration, compare approaches and implementations,
specify new event-based approaches, or match user
requirements with the capabilities of event-based
integration systems. We attempt to address these
shortcomings by specifying a {\em generic framework for
event-based integration}, the EBI framework, that
provides a flexible, object-oriented model for
discussing and comparing event-based integration
approaches. The EBI framework can model dynamic and
static specification, composition, and decomposition
and can be instantiated to describe the features of
most common event-based integration approaches. We
demonstrate how to use the framework as a reference
model by comparing and contrasting three well-known
integration systems: FIELD, Polylith, and CORBA.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "control integration; CORBA; event-based systems;
FIELD; interoperability; Polylith; reference model;
software integration",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2)",
}

@Article{Anonymous:1996:AI,
author =       "Anonymous",
title =        "Author Index",
journal =      j-TOSEM,
volume =       "5",
number =       "4",
pages =        "422--423",
month =        oct,
year =         "1996",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:05:47 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1996-5-4/p422-authorindex/p422-authorindex.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-4/p422-author\_index/;
http://www.acm.org/pubs/citations/journals/tosem/1996-5-4/p422-author_index/",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Zave:1997:FDC,
author =       "Pamela Zave and Michael Jackson",
title =        "Four dark corners of requirements engineering",
journal =      j-TOSEM,
volume =       "6",
number =       "1",
pages =        "1--30",
month =        jan,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-1/p1-zave/p1-zave.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-1/p1-zave/",
abstract =     "Research in requirements engineering has produced an
extensive body of knowledge, but there are four areas
in which the foundation of the discipline seems weak or
obscure. This article shines some light in the four
dark corners,'' exposing problems and proposing
solutions. We show that all descriptions involved in
requirements engineering should be descriptions of the
environment. We show that certain control information
is necessary for sound requirements engineering, and we
explain the close association between domain knowledge
and refinement of requirements. Together these
conclusions explain the precise nature of requirements,
specifications, and domain knowledge, as well as the
precise nature of the relationships among them. They
establish minimum standards for what information should
be represented in a requirements language. They also
make it possible to determine exactly what it means for
requirements and engineering to be successfully
completed.",
acknowledgement = ack-nhfb,
generalterms = "Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "control of actions; domain knowledge; implementation
bias; refinement of requirements",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}",
}

@Article{Moser:1997:GED,
author =       "L. E. Moser and Y. S. Ramakrishna and G. Kutty and P.
M. Melliar-Smith and L. K. Dillon",
title =        "A graphical environment for the design of concurrent
real-time systems",
journal =      j-TOSEM,
volume =       "6",
number =       "1",
pages =        "31--79",
month =        jan,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-1/p31-moser/p31-moser.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-1/p31-moser/",
abstract =     "Concurrent real-time systems are among the most
difficult systems to design because of the many
possible interleavings of events and because of the
timing requirements that must be satisfied. We have
developed a graphical environment based on Real-Time
Graphical Interval Logic (RTGIL) for specifying and
reasoning about the designs of concurrent real-time
systems. Specifications in the logic have an intuitive
graphical representation that resembles the timing
diagrams drawn by software and hardware engineers, with
real-time constraints that bound the durations of
intervals. The syntax-directed editor of the RTGIL
environment enables the user to compose and edit
graphical formulas on a workstation display; the
automated theorem prover mechanically checks the
validity of proofs in the logic; and the database and
proof manager tracks proof dependencies and allows
describes the logic, methodology, and tools that
comprise the prototype RTGIL environment and
illustrates the use of the environment with an example
application.",
acknowledgement = ack-nhfb,
generalterms = "Design; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automated deduction; concurrent systems; formal
specification and verification; graphical user
interface; real-time systems; temporal logic",
subject =      "Computer Systems Organization --- Special-Purpose and
Application-Based Systems (C.3): {\bf Real-time and
embedded systems}; Software --- Software Engineering
--- Requirements/Specifications (D.2.1): {\bf
Methodologies (e.g., object-oriented, structured)};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Tools};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Design** (D.2.10): {\bf Methodologies**}; Software
--- Software Engineering --- Design** (D.2.10): {\bf
Representation**}; Theory of Computation ---
Mathematical Logic and Formal Languages ---
Mathematical Logic (F.4.1): {\bf Mechanical theorem
proving}; Theory of Computation --- Mathematical Logic
and Formal Languages --- Formal Languages (F.4.3): {\bf
Decision problems}",
}

@Article{Dillon:1997:TDT,
author =       "Laura K. Dillon",
journal =      j-TOSEM,
volume =       "6",
number =       "1",
pages =        "80--110",
month =        jan,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-1/p80-dillon/p80-dillon.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-1/p80-dillon/",
tasking in examining the implications of and possible
motivation for the rules that determine when procedures
The termination rules prevent the data that belong to
run-time instances of scope units from being
deallocated prematurely, but they are unnecessarily
conservative in this regard. For task instances that
are created by invoking a storage allocator, we show
that the conservative termination policy allows heap
storage to be managed more efficiently than a less
conservative policy. The article also examines the
manner in which the termination rules affect the
synchronization of concurrent tasks. Master-slave and
client-server applications are considered. We show that
the rules for distributed termination of concurrent
no longer affect the outcome of an execution. The
article is meant to give programmers a better
designers assess the strengths and weaknesses of the
termination model.",
acknowledgement = ack-nhfb,
generalterms = "Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Programming Languages --- Language
Constructs and Features (D.3.3): {\bf Concurrent
programming structures}; Software --- Programming
Languages --- Language Classifications (D.3.2): {\bf
}

@Article{Henninger:1997:EAC,
author =       "Scott Henninger",
title =        "An evolutionary approach to constructing effective
software reuse repositories",
journal =      j-TOSEM,
volume =       "6",
number =       "2",
pages =        "111--140",
month =        apr,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-2/p111-henninger/p111-henninger.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-2/p111-henninger/",
abstract =     "Repositories for software reuse are faced with two
interrelated problems: (1) acquiring the knowledge to
initially construct the repository and (2) modifying
the repository to meet the evolving and dynamic needs
of software development organizations. Current software
repository methods rely heavily on classification,
which exacerbates acquisition and evolution problems by
requiring costly classification and domain analysis
efforts before a repository can be used effectively,
problems by choosing a retrieval method that utilizes
minimal repository structure to effectively support the
process of finding software components. The approach is
demonstrated through a pair of proof-of-concept
prototypes: PEEL, a tool to semiautomatically identify
reusable components, and CodeFinder, a retrieval system
that compensates for the lack of explicit knowledge
structures through a spreading activation retrieval
process. CodeFinder also allows component
representations to be modified while users are
searching for information. This mechanism adapts to the
changing nature of the information in the repository
and incrementally improves the repository while people
use it. The combination of these techniques holds
potential for designing software repositories that
minimize up-front costs, effectively support the search
process, and evolve with an organization's changing
needs.",
acknowledgement = ack-nhfb,
generalterms = "Design",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "component repositories; information retrieval;
software reuse",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Software libraries}; Software
--- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf User interfaces}; Information
Systems --- Information Storage and Retrieval ---
Information Search and Retrieval (H.3.3): {\bf Query
formulation}; Information Systems --- Information
Storage and Retrieval --- Information Search and
Retrieval (H.3.3): {\bf Retrieval models}",
}

@Article{Devanbu:1997:UDL,
author =       "Premkumar Devanbu and Mark A. Jones",
title =        "The use of description logics in {KBSE} systems",
journal =      j-TOSEM,
volume =       "6",
number =       "2",
pages =        "141--172",
month =        apr,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-2/p141-devalbu/p141-devalbu.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-2/p141-devanbu/",
abstract =     "The increasing size and complexity of many software
systems demand a greater emphasis on capturing and
maintaining knowledge at many different levels within
the software development process. This knowledge
includes descriptions of the hardware and software
components and their behavior, external and internal
design specifications, and support for system testing.
The Knowledge-based software engineering (KBSE)
research paradigm is concerned with systems that use
formally represented knowledge, with associated
inference procedures, to support the various
subactivities of software development. As they growing
scale, KBSE systems must balance expressivity and
inferential power with the real demands of knowledge
base construction, maintenance, performance, and
comprehensibility. {\em Description logics\/} (DLs)
possess several features--a terminological orientation,
a formal semantics, and efficient reasoning
procedures--which offer an effective tradeoff of these
factors. We discuss three KBSE systems in which DLs
capture some of the requisite knowledge needed to
support design, coding, and testing activities. We then
survey some alternative approaches (to DLs) in KBSE
systems. We close with a discussion of the benefits of
DLs and ways to address some of their limitations.",
acknowledgement = ack-nhfb,
generalterms = "Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automated software engineering; knowledge basis;
logics; software development environments; testing;
tools",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2); Software --- Software Engineering
--- Coding Tools and Techniques (D.2.3); Software ---
Software Engineering --- Testing and Debugging (D.2.5);
Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Methodologies ---
Artificial Intelligence --- Automatic Programming
(I.2.2); Computing Methodologies --- Artificial
Intelligence --- Knowledge Representation Formalisms
and Methods (I.2.4): {\bf Representations (procedural
and rule-based)}",
}

@Article{Rothermel:1997:SER,
author =       "Gregg Rothermel and Mary Jean Harrold",
title =        "A safe, efficient regression test selection
technique",
journal =      j-TOSEM,
volume =       "6",
number =       "2",
pages =        "173--210",
month =        apr,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-2/p173-rothermel/p173-rothermel.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-2/p173-rothermel/",
abstract =     "Regression testing is an expensive but necessary
maintenance activity performed on modified software to
provide confidence that changes are correct and do not
adversely affect other portions of the software. A
regression test selection technique chooses, from an
existing test set, tests that are deemed necessary to
validate modified software. We present a new technique
for regression test selection. Our algorithms construct
control flow graphs for a procedure or program and its
modified version and use these graphs to select tests
that execute changed code from the original test suite.
We prove that, under certain conditions, the set of
tests our technique selects includes every test from
the original test suite that con expose faults in the
modified procedure or program. Under these conditions
our algorithms are {\em safe}. Moreover, although our
algorithms may select some tests that cannot expose
faults, they are at lease as precise as other safe
regression test selection algorithms. Unlike many other
regression test selection algorithms, our algorithms
handle all language constructs and all types of program
modifications. We have implemented our algorithms;
initial empirical studies indicate that our technique
can significantly reduce the cost of regression testing
modified software.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Measurement; Performance; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "regression test selection; regression testing;
selective retest",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Testing and Debugging (D.2.5); Software ---
Software Engineering --- Distribution, Maintenance, and
Enhancement (D.2.7): {\bf Corrections**}",
}

@Article{Allen:1997:FBA,
author =       "Robert Allen and David Garlan",
title =        "A formal basis for architectural connection",
journal =      j-TOSEM,
volume =       "6",
number =       "3",
pages =        "213--249",
month =        jul,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
note =         "See errata \cite{Allen:1998:EFB}.",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-3/p213-allen/p213-allen.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-3/p213-allen/",
abstract =     "As software systems become more complex, the overall
system structure--or software architecture--becomes a
central design problem. An important step toward an
engineering discipline of software is a formal basis
for describing and analyzing these designs. In the
article we present a formal approach to one aspect of
architectural design: the interactions among
components. The key idea is to define architectural
connectors as explicit semantic entities. These are
specified as a collection of protocols that
characterize each of the participant roles in an
interaction and how these roles interact. We illustrate
how this scheme can be used to define a variety of
common architectural connectors. We further provide a
formal semantics and show how this leads to a system in
which architectural compatibility can be checked in a
way analogous to type-checking in programming
languages.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal models; model-checking; module interconnection;
software analysis; WRIGHT",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering --- Design**
(D.2.10): {\bf Representation**}; Theory of Computation
--- Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1): {\bf
Specification techniques}; Theory of Computation ---
Mathematical Logic and Formal Languages --- Formal
Languages (F.4.3)",
}

@Article{Roman:1997:MUR,
author =       "Gruia-Catalin Roman and Peter J. McCann and Jerome Y.
Plun",
title =        "Mobile {UNITY}: reasoning and specification in mobile
computing",
journal =      j-TOSEM,
volume =       "6",
number =       "3",
pages =        "250--282",
month =        jul,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-3/p250-roman/p250-roman.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-3/p250-roman/",
abstract =     "Mobile computing represents a major point of departure
The potentially very large number of independent
computing units, a decoupled computing style, frequent
disconnections, continuous position changes, and the
location-dependent nature of the behavior and
communication patterns present designers with
unprecedented challenges in the areas of modularity and
dependability. So far, the literature on mobile
computing is dominated by concerns having to de with
complements this perspective by considering the nature
of the underlying formal models that will enable us to
specify and reason about such computations. The basic
research goal is to characterize fundamental issues
facing mobile computing. We want to achieve this in a
manner analogous to the way concepts such as shared
variables and message passing help us understand
distributed computing. The pragmatic objective is to
develop techniques that facilitate the verification and
design of dependable mobile systems. Toward this goal
we employ the methods of UNITY. To focus on what is
essential, we center our study on {\em ad hoc
networks}, whose singular nature is bound to reveal the
ultimate impact of movement on the way one computes and
communicates in a mobile environment. To understand
and superposition and consider direct generalizations
to transient interactions. The motivation behind the
transient nature of the interactions comes from the
fact that components can communicate with each other
only when they are within a certain range. The notation
we employ is a highly modular extension of the UNITY
computations relies on extensions to the UNITY proof
logic.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Reliability; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal methods; mobile computing; mobile UNITY; shared
variables; synchronization; transient interactions;
weak consistency",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Correctness proofs};
Software --- Programming Languages --- Formal
Definitions and Theory (D.3.1): {\bf Semantics};
Software --- Programming Languages --- Language
Constructs and Features (D.3.3): {\bf Concurrent
programming structures}; Theory of Computation ---
Logics and Meanings of Programs --- Specifying and
Verifying and Reasoning about Programs (F.3.1); Theory
of Computation --- Logics and Meanings of Programs ---
Semantics of Programming Languages (F.3.2)",
}

@Article{Ambriola:1997:APC,
author =       "Vincenzo Ambriola and Reidar Conradi and Alfonso
Fuggetta",
title =        "Assessing process-centered software engineering
environments",
journal =      j-TOSEM,
volume =       "6",
number =       "3",
pages =        "283--328",
month =        jul,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-3/p283-ambriola/p283-ambriola.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-3/p283-ambriola/",
abstract =     "Process-centered software engineering environments
(PSEEs) are the most recent generation of environments
supporting software development activities. They
exploit a representation of the process (called the
{\em process model\/}) that specifies how to carry out
software development activities, the roles and tasks of
software developers, and how to use and control
software development tools. A process model is
therefore a vehicle to better understand and
communicate the process. If it is expressed in a formal
notation, it can be used to support a variety of
activities such as process analysis, process
simulation, and process enactment. PSEEs provide
automatic support for these activities. They exploit
languages based on different paradigms, such as Petri
nets and rule-based systems. They include facilities to
edit and analyze process models. By enacting the
process model, a PSEE provides a variety of services,
such as assistance for software developers, automation
of routine tasks, invocation and control of software
development tools, and enforcement of mandatory rules
and practices. Several PSEEs have been developed, both
as research projects and as commercial products. The
initial deployment and exploitation of this technology
have made it possible to produce a significant amount
of experiences, comments, evaluations, and feedback. We
still lack, however, consistent and comprehensive
assessment methods that can be used to collect and
contributing to the definition of such methods, by
providing a systematic comparison grid and by
accomplishing an initial evaluation of the state of the
art in the field. This evaluation takes into account
the systems that have been developed by the authors in
the past five years, as well as the main
characteristics of other well-known environments",
acknowledgement = ack-nhfb,
generalterms = "Human Factors; Languages; Management",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "CASE; enabling technology; process modeling languages;
process-centered software engineering environments;
software process",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Milieux --- Management
of Computing and Information Systems --- Software
Management (K.6.3): {\bf Software development};
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3):
{\bf Software maintenance}; Software --- Software
Engineering --- Design Tools and Techniques (D.2.2):
{\bf Computer-aided software engineering (CASE)}",
}

@Article{Petrenko:1997:CRT,
author =       "Alexandre Petrenko",
title =        "Comments on {A reduced test suite for protocol
conformance testing''}",
journal =      j-TOSEM,
volume =       "6",
number =       "3",
pages =        "329--331",
month =        jul,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
note =         "See \cite{Bernhard:1994:RTS}.",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-3/p329-petrenko/p329-petrenko.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-3/p329-petrenko/",
abstract =     "A previous {\em ACM TOSEM\/} article of Ph. Bernhard
(A Reduced Test Suite of Protocol Conformance
Testing,'' {\em ACM Transactions on Software
Engineering and Methodology}, Vol. 3, No. 3, July 1994,
pages 201--220) describes three new versions of the
so-called W-method for solving the protocol-testing
problem, i.e., solving the Mealy machine equivalence
problem. The author claims that these versions all have
the same fault detection capability as the original
W-method. In this correspondence we prove that the
results of that article are incorrect.",
acknowledgement = ack-nhfb,
generalterms = "Reliability; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2): {\bf Protocol verification}; Software ---
Software Engineering --- Testing and Debugging (D.2.5):
{\bf Testing tools (e.g., data generators, coverage
testing)}",
}

@Article{Zaremski:1997:SMS,
author =       "Amy Moormann Zaremski and Jeannette M. Wing",
title =        "Specification matching of software components",
journal =      j-TOSEM,
volume =       "6",
number =       "4",
pages =        "333--369",
month =        oct,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-4/p333-zaremski/p333-zaremski.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-4/p333-zaremski/",
abstract =     "Specification matching is a way to compare two
software components, based on descriptions of the
component's behaviors. In the context of software reuse
and library retrieval, it can help determine whether
one component can be substituted for another or how one
can be modified to fit the requirements of the other.
In the context of object-oriented programming, it can
help determine when one type is a behavioral subtype of
another. We use formal specifications to describe the
behavior of software components and, hence, to
determine whether two components match. We give precise
definitions of not just exact match, but, more
relevantly, various flavors of relaxed match. These
definitions capture the notions of generalization,
specialization, and substitutability of software
components. Since our formal specifications are pre-
and postconditions written as predicates in first-order
logic, we rely on theorem proving to determine match
and mismatch. We give examples from our implementation
of specification matching using the Larch Prover.",
acknowledgement = ack-nhfb,
generalterms = "Documentation; Standardization; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2): {\bf Software libraries}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Modules, packages}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Pre- and post-conditions}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Specification techniques}; Information
Systems --- Information Storage and Retrieval ---
Information Search and Retrieval (H.3.3): {\bf
Retrieval models}; Information Systems --- Information
Storage and Retrieval --- Information Search and
Retrieval (H.3.3): {\bf Selection process}",
}

@Article{Gupta:1997:HSI,
author =       "Rajiv Gupta and Mary Lou Soffa and John Howard",
title =        "Hybrid slicing: integrating dynamic information with
static analysis",
journal =      j-TOSEM,
volume =       "6",
number =       "4",
pages =        "370--397",
month =        oct,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-4/p370-gupta/p370-gupta.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-4/p370-gupta/",
abstract =     "Program slicing is an effective technique for
narrowing the focus of attention to the relevant parts
of a program during the debugging process. However,
imprecision is a problem in static slices, since they
are based on all possible executions that reach a given
program point rather than the specific execution under
which the program is being debugged. Dynamic slices,
based on the specific execution being debugged, are
precise but incur high run-time overhead due to the
tracing information that is collected during the
program's execution. We present a hybrid slicing
technique that integrates dynamic information from a
specific execution into a static slice analysis. The
{\em hybrid slice\/} produced is more precise that the
static slice and less costly that the dynamic slice.
The technique exploits dynamic information that is
information and the dynamic call graph. This
information is integrated into a static slicing
analysis to more accurately estimate the potential
paths taken by the program. The breakpoints and
call/return points, used as reference points, divide
the execution path into intervals. By associating each
statement in the slice with an execution interval,
hybrid slicing provides information as to when a
statement was encountered during execution. Another
attractive feature of our approach is that it allows
the user to control the cost of hybrid slicing by
limiting the amount of dynamic information used in
computing the slice. We implemented the hybrid slicing
technique to demonstrate the feasibility of our
approach.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Experimentation; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "breakpoint; dynamic call graph; dynamic slice; hybrid
slice; static slice",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5)",
}

@Article{Zeller:1997:UVT,
author =       "Andreas Zeller and Gregor Snelting",
title =        "Unified versioning through feature logic",
journal =      j-TOSEM,
volume =       "6",
number =       "4",
pages =        "398--441",
month =        oct,
year =         "1997",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1997-6-4/p398-zeller/p398-zeller.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1997-6-4/p398-zeller/",
abstract =     "Software configuration management (SCM) suffers from
tight coupling between SCM version-ing models and the
imposed SCM processes. In order to adapt SCM tools to
SCM processes, rather than vice versa, we propose a
unified versioning model, the {\em version set model}.
Version sets denote versions, components, and
configurations by {\em feature terms}, that is, Boolean
terms over ({\em feature : value\/})-attributions.
Through {\em feature logic}, we deduce consistency of
abstract configurations as well as features of derived
components and describe how features propagate in the
SCM process; using {\em feature implications}, we
integrate change-oriented and version-oriented SCM
models. We have implemented the version set model in an
SCM system called ICE, for {\em Incremental
Configuration Environment}. ICE is based on a {\em
featured file system (FFS)}, where version sets are
accessed as virtual files and directories. Using the
well-known C preprocessor (CPP) representation, users
can view and edit multiple versions simultaneously,
while only the differences between versions are stored.
It turns out that all major SCM models can be realized
and integrated efficiently on top of the FFS,
demonstrating the flexible and unifying nature of the
version set model.",
acknowledgement = ack-nhfb,
generalterms = "Management; Standardization; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "feature logic; version sets",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Software --- Software Engineering
--- Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Version control}; Software --- Software
Engineering --- Management (D.2.9): {\bf Software
configuration management}; Software --- Operating
Systems --- File Systems Management (D.4.3); Computing
Methodologies --- Artificial Intelligence --- Deduction
and Theorem Proving (I.2.3); Computing Methodologies
--- Artificial Intelligence --- Knowledge
Representation Formalisms and Methods (I.2.4); Software
--- Software Engineering --- Management (D.2.9): {\bf
Programming teams}",
}

@Article{Doppke:1998:SPM,
author =       "John C. Doppke and Dennis Heimbigner and Alexander L.
Wolf",
title =        "Software process modeling and execution within virtual
environments",
journal =      j-TOSEM,
volume =       "7",
number =       "1",
pages =        "1--40",
month =        jan,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-1/p1-doppke/p1-doppke.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-1/p1-doppke/",
abstract =     "In the past, multiuser virtual environments have been
developed as venues for entertainment and social
interaction. Recent research focuses instead on their
utility in carrying out work in the real world. This
research has identified the importance of a mapping
between the real and the virtual that permits the
representation of real tasks in the virtual
environment. We investigate the use of virtual
environments--in particular, MUDs (Multi-User
Dimensions)--in the domain of software process. In so
doing, we define a mapping, or {\em metaphor}, that
permits the representation of software processes within
a MUD. The system resulting from this mapping, called
{\em Promo}, permits the modeling and execution of
software processes by geographically dispersed
agents.",
acknowledgement = ack-nhfb,
generalterms = "Design; Management; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "MOO; MUD; PROMO; software process; tools; virtual
environments",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Milieux --- Management
of Computing and Information Systems --- Software
Management (K.6.3); Information Systems --- Information
Interfaces and Presentation --- Multimedia Information
Systems (H.5.1): {\bf Artificial, augmented, and
virtual realities}; Software --- Software Engineering
--- Management (D.2.9): {\bf Software process models
(e.g., CMM, ISO, PSP)}",
}

@Article{Porter:1998:USV,
author =       "Adam Porter and Harvey Siy and Audris Mockus and
Lawrence Votta",
title =        "Understanding the sources of variation in software
inspections",
journal =      j-TOSEM,
volume =       "7",
number =       "1",
pages =        "41--79",
month =        jan,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-1/p41-porter/p41-porter.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-1/p41-porter/",
abstract =     "In a previous experiment, we determined how various
changes in three structural elements of the software
inspection process (team size and the number and
sequencing of sessions) altered effectiveness and
interval. Our results showed that such changes did not
significantly influence the defect detection rate, but
that certain combinations of changes dramatically
increased the inspection interval. We also observed a
large amount of unexplained variance in the data,
indicating that other factors must be affecting
inspection performance. The nature and extent of these
other factors now have to be determined to ensure that
they had not biased our earlier results. Also,
identifying these other factors might suggest
additional ways to improve the efficiency of
inspections. Acting on the hypothesis that the
inputs'' into the inspection process (reviewers,
authors, and code units) were significant sources of
variation, we modeled their effects on inspection
performance. We found that they were responsible for
much more variation in detect detection than was
process structure. This leads us to conclude that
better defect detection techniques, not better process
structures, are the key to improving inspection
effectiveness. The combined effects of process inputs
and process structure on the inspection interval
accounted for only a small percentage of the variance
in inspection interval. Therefore, there must be other
factors which need to be identified.",
acknowledgement = ack-nhfb,
generalterms = "Design; Experimentation; Measurement; Performance;
Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "empirical studies; software inspection; software
process; statistical models",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Code inspections and
walk-throughs}; Software --- Software Engineering ---
Management (D.2.9): {\bf Software process models (e.g.,
CMM, ISO, PSP)}",
}

@Article{Baresi:1998:TFS,
author =       "Luciano Baresi and Mauro Pezz{\e}",
title =        "Toward formalizing structured analysis",
journal =      j-TOSEM,
volume =       "7",
number =       "1",
pages =        "80--107",
month =        jan,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-1/p80-baresi/p80-baresi.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-1/p80-baresi/",
abstract =     "Real-time extensions to structured analysis (SA/RT)
are popular in industrial practice. Despite the large
industrial experience and the attempts to formalize the
various dialects,'' SA/RT notations are still
the semantic problems of the requirements definition
notation defined by Hatley and Pirbhai, one of the
popular SA/RT dialects,'' and discusses possible
solutions. As opposed to other articles that give their
identifies imprecisions, i.e., missing or partial
information about features of the notation; it
discusses ambiguities, i.e., elements of the definition
that allow at least two different (reasonable'')
interpretations of features of the notation; and it
lists extensions, i.e., features not belonging to the
notation, but required by many industrial users and
by clarifying whether specific interpretations can be
given unique semantics or retain ambiguities of the
original definition. The article allows for the
evaluation of formal definitions by indicating
alternatives and consequences of the specific
choices.",
acknowledgement = ack-nhfb,
generalterms = "Design; Documentation; Measurement; Performance;
Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Hatley and Pirbhai's requirements definition notation;
informal versus formal specifications; structured
analysis/real-time",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Coding Tools and Techniques
(D.2.3): {\bf Structured programming}",
}

@Article{Bowdidge:1998:SRD,
author =       "Robert W. Bowdidge and William G. Griswold",
title =        "Supporting the restructuring of data abstractions
through manipulation of a program visualization",
journal =      j-TOSEM,
volume =       "7",
number =       "2",
pages =        "109--157",
month =        apr,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-2/p109-bowdidge/p109-bowdidge.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-2/p109-bowdidge/",
abstract =     "With a meaning-preserving restructuring tool, a
software engineer can change a program's structure to
ease future modifications. However, deciding how to
restructure the program requires a global understanding
of the program's structure, which cannot be derived
easily by directly inspecting the source code. We
describe a manipulable program visualization--the {\em
star diagram\/} --that supports the restructuring task
of encapsulating a global data structure. The star
diagram graphically displays information pertinent to
encapsulation, and direct manipulation of the diagram
causes the underlying program to be restructured. The
visualization compactly presents all statements in the
program that use the given global data structure,
helping the programmer to choose the functions that
visualization elides code unrelated to the data
structure and to the task and collapses similar
expressions to help the programmer identify frequently
occurring code fragments and manipulate them together.
The visualization is mapped directly to the program
text, so manipulation of the visualization also
restructures the program. We present the star diagram
concept and describe an implementation of the star
diagram built upon a meaning-preserving restructuring
tool for Scheme. We also describe our creation of star
diagram generators for C programs, and we test the
scalability of the star diagram using large C and MUMPS
programs.",
acknowledgement = ack-nhfb,
generalterms = "Design",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "meaning-preserving restructuring; semi-automated
restructuring; software visualization; star diagram;
tool-supported restructuring",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf User interfaces}; Software ---
Software Engineering --- Distribution, Maintenance, and
Enhancement (D.2.7): {\bf Restructuring, reverse
engineering, and reengineering}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Abstract data types}",
}

@Article{Murphy:1998:ESS,
author =       "Gail C. Murphy and David Notkin and William G.
Griswold and Erica S. Lan",
title =        "An empirical study of static call graph extractors",
journal =      j-TOSEM,
volume =       "7",
number =       "2",
pages =        "158--191",
month =        apr,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-2/p158-murphy/p158-murphy.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-2/p158-murphy/",
abstract =     "Informally, a call graph represents calls between
entities in a given program. The call graphs that
compilers compute to determine the applicability of an
optimization must typically be conservative: a call may
be omitted only if it can never occur in any execution
of the program. Numerous software engineering tools
also extract call graphs with the expectation that they
will help software engineers increase their
understanding of a program. The requirements placed on
software engineering tools that compute call graphs are
typically more relaxed than for compilers. For example,
some false negatives--calls that can in fact take place
in some execution of the program, but which are omitted
from the call graph--may be acceptable, depending on
empirically show a consequence of this spectrum of
requirements by comparing the C call graphs extracted
from three software systems (mapmaker, mosaic, and gcc)
by nine tools (cflow, cawk, CIA, Field, GCT, Imagix,
LSME, Mawk, and Rigiparse). A quantitative analysis of
the call graphs extracted for each system shows
considerable variation, a result that is
counterintuitive to many experienced software
engineers. A qualitative analysis of these results
reveals a number of reasons for this variation:
differing treatments of macros, function pointers,
input formats, etc. The fundamental problem is not that
variances among the graphs extracted by different tools
exist, but that software engineers have little sense of
the dimensions of approximation in any particular call
study, sketch a design space for static call graph
extractors, and discuss the impact of our study on
practitioners, tool developers, and researchers.
information, call graphs, many of the observations also
apply to static extractors of other kinds of
information, such as inheritance structures, file
dependences, and references to global variables.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "call graphs; design space; empirical study; software
system analysis; static analysis",
subject =      "Software --- Programming Languages --- Processors
(D.3.4)",
}

@Article{Hunt:1998:DAE,
author =       "James J. Hunt and Kiem-Phong Vo and Walter F. Tichy",
title =        "Delta algorithms an empirical analysis",
journal =      j-TOSEM,
volume =       "7",
number =       "2",
pages =        "192--214",
month =        apr,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-2/p192-hunt/p192-hunt.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-2/p192-hunt/",
abstract =     "Delta algorithms compress data by encoding one file in
terms of another. This type of compression is useful in
a number of situations: strong multiple versions of
data, displaying differences, merging changes,
performance parameters of several delta algorithms,
using a benchmark of over 1,300 pairs of files taken
from two successive releases of GNU software. Results
indicate that modern delta compression algorithms based
on Ziv--Lempel techniques significantly outperform {\em
diff}, a popular but older delta compressor, in terms
of compression ratio. The modern compressors also
correlate better with the actual difference between
files without sacrificing performance.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Experimentation; Measurement;
Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "benchmark; delta encoding; differencing",
subject =      "Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf Version
control}; Software --- Software Engineering --- Metrics
(D.2.8): {\bf Performance measures}; Data --- Coding
and Information Theory (E.4): {\bf Data compaction and
compression}; Data --- Files (E.5): {\bf
Backup/recovery}",
}

@Article{Cook:1998:DMS,
author =       "Jonathan E. Cook and Alexander L. Wolf",
title =        "Discovering models of software processes from
event-based data",
journal =      j-TOSEM,
volume =       "7",
number =       "3",
pages =        "215--249",
month =        jul,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-3/p215-cook/p215-cook.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-3/p215-cook/",
abstract =     "Many software process methods and tools presuppose the
existence of a formal model of a process.
Unfortunately, developing a formal model for an
on-going, complex process can be difficult, costly, and
error prone. This presents a practical barrier to the
adoption of process technologies, which would be
lowered by automated assistance in creating formal
models. To this end, we have developed a data analysis
technique that we term {\em process discovery.\/} Under
this technique, data describing process events are
first captured from an on-going process and then used
to generate a formal model of the behavior of that
that we developed specifically for process discovery,
as well as describe two additional methods that we
adopted from other domains and augmented for our
purposes. The three methods range from the purely
algorithmic to the purely statistical. We compare the
methods and discuss their application in an industrial
case study.",
acknowledgement = ack-nhfb,
generalterms = "Management",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Balboa; process discovery; software process; tools",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Milieux --- Management
of Computing and Information Systems --- Software
Management (K.6.3): {\bf Software development};
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3):
{\bf Software maintenance}",
}

@Article{Chen:1998:BWI,
author =       "Huo Yan Chen and T. H. Tse and F. T. Chan and T. Y.
Chen",
title =        "In black and white: an integrated approach to
class-level testing of object-oriented programs",
journal =      j-TOSEM,
volume =       "7",
number =       "3",
pages =        "250--295",
month =        jul,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-3/p250-chen/p250-chen.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-3/p250-chen/",
abstract =     "Because of the growing importance of object-oriented
programming, a number of testing strategies have been
proposed. They are based either on pure black-box or
methodology to integrate the black- and white-box
techniques. The black-box technique is used to select
test cases. The white-box technique is mainly applied
to determine whether two objects resulting from the
program execution of a test care are observationally
equivalent. It is also used to select test cases in
some situations. We define the concept of a fundamental
pair as a pair of equivalent terms that are formed by
replacing all the variables on both sides of an axiom
by normal forms. We prove that an implementation is
consistent with respect to all equivalent terms if and
only if it is consistent with respect to all
fundamental pairs. In other words, the testing coverage
of fundamental pairs is as good as that of all possible
term rewritings, and hence we need only concentrate on
the testing of fundamental pairs. Our strategy is based
on mathematical theorems. According to the strategy, we
propose an algorithm for selecting a finite set of
fundamental pairs as test cases. Given a pair of
equivalent terms as a test case, we should then
determine whether the objects that result from
executing the implemented program are observationally
equivalent. We prove, however, that the observational
equivalence of objects cannot be determined using a
finite set of observable contexts (which are operation
sequences ending with an observer function) derived
from any black-box technique. Hence we supplement our
approach with a relevant observable context''
technique, which is a heuristic white-box technique to
select a relevant finite subset of the set of
observable contexts for determining the observational
equivalence. The relevant observable contexts are
constructed from a data member relevance graph (DRG),
which is an abstraction of the given implementation for
a given specification. A semiautomatic tool hass been
developed to support this technique.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Languages; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstract data types; algebraic specification;
object-oriented programming; observational equivalence;
software-testing methodologies",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering --- Testing and
Debugging (D.2.5); Software --- Programming Languages
--- Language Classifications (D.3.2): {\bf
Object-oriented languages}",
}

@Article{Crow:1998:FSS,
author =       "Judith Crow and Ben {Di Vito}",
title =        "Formalizing space shuttle software requirements: four
case studies",
journal =      j-TOSEM,
volume =       "7",
number =       "3",
pages =        "296--332",
month =        jul,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-3/p296-crow/p296-crow.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-3/p296-crow/",
requirements for new flight software subsystems on
NASA's Space Shuttle were analyzed using mechanically
supported formal methods. Three of the studies used
standard formal specification and verification
techniques, and the fourth used state exploration.
These applications illustrate two thesis: (1) formal
methods complement conventional requirements analysis
processes effectively and (2) formal methods confer
benefits even when only selectively adopted and
applied. The studies also illustrate the interplay of
application maturity level and formal methods strategy,
especially in areas such as technology transfer, legacy
applications, and rapid formalization, and they raise
interesting issues in problem domain modeling and in
tailoring formal techniques to applications.",
acknowledgement = ack-nhfb,
generalterms = "Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "flight software; formal methods; requirements
analysis; space shuttle; state exploration; theorem
proving",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Tools}; Theory of Computation --- Logics
and Meanings of Programs --- Specifying and Verifying
and Reasoning about Programs (F.3.1): {\bf Logics of
programs}; Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
Reasoning about Programs (F.3.1): {\bf Mechanical
verification}; Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
Reasoning about Programs (F.3.1): {\bf Specification
techniques}",
}

@Article{Allen:1998:EFB,
author =       "Robert Allen and David Garlan",
title =        "Errata: {A formal basis for architectural
connection''}",
journal =      j-TOSEM,
volume =       "7",
number =       "3",
pages =        "333--334",
month =        jul,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
note =         "See \cite{Allen:1997:FBA}.",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-3/p333-allen/p333-allen.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-3/p333-allen/",
abstract =     "We present corrections to a previously published
article which appeared in {\em ACM Transaction on
Software Engineering and Methodology\/} 6, 3 (July
1997), pp. 213-249",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal models; model-checking; module interconnection;
software analysis; WRIGHT",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Modules and interfaces};
Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Specification techniques}; Theory of
Computation --- Mathematical Logic and Formal Languages
--- Formal Languages (F.4.3)",
}

@Article{Hunter:1998:MIS,
author =       "Anthony Hunter and Bashar Nuseibeh",
title =        "Managing inconsistent specifications: reasoning,
analysis, and action",
journal =      j-TOSEM,
volume =       "7",
number =       "4",
pages =        "335--367",
month =        oct,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-4/p335-hunter/p335-hunter.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-4/p335-hunter/",
abstract =     "In previous work, we advocated continued development
of specifications in the presence of inconsistency. To
support this, we used classical logic to represent
partial specifications and to identify inconsistencies
between them. We now present an adaptation of classical
logic, which we term quasi-classical (QC) logic, that
allows continued reasoning in the presence of
inconsistency. The adaptation is a weakening of
classical logic that prohibits all trivial derivations,
but still allows all resolvants of the assumptions to
be derived. Furthermore, the connectives behave in a
classical manner. We then present a development called
labeled QC logic that records and tracks assumptions
used in reasoning. This facilitates a logical analysis
of inconsistent information. We discuss that
application of labeled QC logic in the analysis of
multiperspective specifications. Such specifications
are developed by multiple participants who hold
overlapping, often inconsistent, views of the systems
they are developing.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "managing inconsistency; paraconsistent logics;
requirements specification; viewpoints",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Software/Program Verification (D.2.4): {\bf
Validation}; Software --- Software Engineering ---
Testing and Debugging (D.2.5): {\bf Error handling and
recovery}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Restructuring, reverse engineering, and
reengineering}; Theory of Computation --- Mathematical
Logic and Formal Languages --- Mathematical Logic
(F.4.1): {\bf Proof theory}; Software --- Software
Engineering --- General (D.2.0); Software --- Software
Engineering --- Design Tools and Techniques (D.2.2)",
}

@Article{Jaccheri:1998:ESP,
author =       "Maria Letizia Jaccheri and Gian Pietro Picco and
Patricia Lago",
title =        "Eliciting software process models with the {E3}
language",
journal =      j-TOSEM,
volume =       "7",
number =       "4",
pages =        "368--410",
month =        oct,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-4/p368-jaccheri/p368-jaccheri.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-4/p368-jaccheri/",
abstract =     "Software processes are complex entities that demand
careful understand ing and improvement as they
determine the quality of the resulting product. A
necessary step toward the improvement of an
organization's process is a clear description of the
entities involved and of their mutual relationships.
Process model {\em elicitation\/} aims at constructing
this description under the shape of a software process
model. The model is constructed by gathering, from
several sources, process information which is often
incomplete, inconsistent, and ambiguous. A process
modeling language can be used to represent the model
being elicited. However, elicitation requires process
models to be understandable and well structured. These
requirements are often not satisfied by available
process modeling languages because of their bias toward
process enaction rather than process description. This
article presents a process modeling language and a
support tool which are conceived especially for process
model elicitation. The {\em E\/} 3 language is an
object-oriented modeling language with a graphical
notation. In {\em E\/} 3, associations are a means to
express constraints and facilitate reuse. The {\em E\/}
3 p-draw tool supports the creation and management of
{\em E\/} 3 models and provides a view mechanism that
enables inspection of models according to different
perspectives.",
acknowledgement = ack-nhfb,
generalterms = "Documentation; Languages; Management",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "associations; process model elicitation; software
process modeling",
subject =      "Software --- Programming Techniques ---
Object-oriented Programming (D.1.5); Software ---
Software Engineering --- Requirements/Specifications
(D.2.1); Software --- Software Engineering --- Design
Tools and Techniques (D.2.2): {\bf Computer-aided
software engineering (CASE)}; Software --- Software
Engineering --- Management (D.2.9): {\bf Software
configuration management}; Computing Milieux ---
Management of Computing and Information Systems ---
Software Management (K.6.3): {\bf Software
development}; Computing Milieux --- Management of
Computing and Information Systems --- Software
Management (K.6.3): {\bf Software maintenance}",
}

@Article{Fuggetta:1998:AGI,
author =       "Alfonso Fuggetta and Luigi Lavazza and Sandro Morasca
and Stefano Cinti and Giandomenico Oldano and Elena
Orazi",
title =        "Applying {GQM} in an industrial software factory",
journal =      j-TOSEM,
volume =       "7",
number =       "4",
pages =        "411--448",
month =        oct,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-4/p411-fuggetta/p411-fuggetta.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-4/p411-fuggetta/",
abstract =     "Goal/Question/Metric (GQM) is a paradigm for the
systematic definition, establishment, and exploitation
of measurement programs supporting the quantitative
evaluation of software processes and products. Although
GQM is a quite well-known method, detailed guidelines
for establishing a GQM program in an industrial
environment are still limited. Also, there are few
reported experiences on the application of GQM to
industrial cases. Finally, the technological support
experience we have gained in applying GQM at Digital
Laboratories in Italy. The procedures, experiences, and
technology that have been employed in this study are
largely reusable by other industrial organizations
willing to introduce a GQM-based measurement program in
their development environments.",
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Management; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "GQM; measurement cost; measurement process",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Metrics (D.2.8): {\bf Performance measures};
Software --- Software Engineering --- Management
(D.2.9): {\bf Productivity}; Software --- Software
Engineering --- Management (D.2.9): {\bf Software
quality assurance (SQA)}",
}

author =       "James J. Hunt and Walter F. Tichy",
title =        "Addendum to {Delta algorithms: an empirical
analysis''}",
journal =      j-TOSEM,
volume =       "7",
number =       "4",
pages =        "449--449",
month =        oct,
year =         "1998",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
note =         "See \cite{Hunt:1998:DAE}.",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1998-7-4/p449-hunt/p449-hunt.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1998-7-4/p449-hunt/",
abstract =     "The authors supply machine configurations for
experiments reported in Delta Algorithms: An
Empirical Analysis,'' by Hunt et al. ({\em ACM Trans.
Softw. Eng. Methodol.\/} 7, 2 (Apr. 1998), pp.
192-214).",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "benchmark; delta encoding; differencing",
subject =      "Software --- Software Engineering --- Distribution,
Maintenance, and Enhancement (D.2.7): {\bf Version
control}; Software --- Software Engineering --- Metrics
(D.2.8): {\bf Performance measures}; Data --- Coding
and Information Theory (E.4): {\bf Data compaction and
compression}; Data --- Files (E.5): {\bf
Backup/recovery}",
}

@Article{Ostroff:1999:CRD,
author =       "Jonathan S. Ostroff",
title =        "Composition and refinement of discrete real-time
systems",
journal =      j-TOSEM,
volume =       "8",
number =       "1",
pages =        "1--48",
month =        jan,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-1/p1-ostroff/p1-ostroff.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-1/p1-ostroff/",
abstract =     "Reactive systems exhibit ongoing, possibly
nonterminating, interaction with the environment.
Real-time systems are reactive systems that must
satisfy quantitative timing constraints. This paper
presents a structured compositional design method for
discrete real-time systems that can be used to combat
the combinatorial explosion of states in the
verification of large systems. A {\em composition
rule\/} describes how the correctness of the system can
be determined from the correctness of its modules,
without knowledge of their internal structure. The
advantage of compositional verification is clear. Each
module is both simpler and smaller than the system
itself. Composition requires the use of both
model-checking and deductive techniques. A {\em
refinement rule\/} guarantees that specifications of
high-level modules are preserved by their
implementations. The {\em StateTime\/} toolset is used
to automate parts of compositional designs using a
combination of model-checking and simulation. The
design method is illustrated using a reactor shutdown
system that cannot be verified using the StateTime
toolset (due to the combinatorial explosion of states)
without compositional reasoning. The reactor example
also illustrates the use of the refinement rule.",
acknowledgement = ack-nhfb,
generalterms = "Design; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstraction; model-checking; modules; refinement;
state explosion; temporal logic; timed logic",
subject =      "Software --- Programming Techniques --- Concurrent
Programming (D.1.3); Software --- Software Engineering
--- Design** (D.2.10); Software --- Software
Engineering --- Requirements/Specifications (D.2.1):
{\bf Methodologies (e.g., object-oriented,
structured)}; Software --- Software Engineering ---
Software/Program Verification (D.2.4): {\bf Model
checking}; Software --- Software Engineering --- Design
Tools and Techniques (D.2.2): {\bf Modules and
interfaces}; Software --- Software Engineering ---
Design Tools and Techniques (D.2.2); Software ---
Software Engineering --- Requirements/Specifications
(D.2.1): {\bf Tools}; Software --- Software Engineering
--- Design Tools and Techniques (D.2.2): {\bf State
diagrams}; Software --- Software Engineering ---
Software/Program Verification (D.2.4)",
}

@Article{Cheung:1999:CSP,
author =       "Shing Chi Cheung and Jeff Kramer",
title =        "Checking safety properties using compositional
reachability analysis",
journal =      j-TOSEM,
volume =       "8",
number =       "1",
pages =        "49--78",
month =        jan,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-1/p49-cheung/p49-cheung.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-1/p49-cheung/",
abstract =     "The software architecture of a distributed program can
be represented by a hierarchical composition of
subsystems, with interacting processes at the leaves of
the hierarchy. Compositional reachability analysis
(CRA) is a promising state reduction technique which
can be automated and used in stages to derive the
overall behavior of a distributed program based on its
architecture. CRA is particularly suitable for the
analysis of programs that are subject to evolutionary
change. When a program evolves, only the behaviors of
those subsystems affected by the change need be
reevaluated. The technique however has a limitation.
The properties available for analysis are constrained
by the set of actions that remain globally observable.
Properties involving actions encapsulated by subsystems
enhance the CRA technique to check safety properties
which may contain actions that are not globally
observable. To achieve this, the state machine model is
augmented with a special trap state labeled as ?. We
propose a scheme to transform, in stages, a property
that involves hidden actions to one that involves only
globally observable actions. The enhanced technique
also includes a mechanism aiming at reducing the
debugging effort. The technique is illustrated using a
gas station system example.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "compositional reachability analysis; distributed
systems; model checking; safety properties; static
analysis",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Software Engineering ---
Software/Program Verification (D.2.4); Software ---
Software Engineering --- Management (D.2.9): {\bf
Software quality assurance (SQA)}",
}

@Article{Ciapessoni:1999:FMF,
author =       "Emanuele Ciapessoni and Piergiorgio Mirandola and
Alberto Coen-Porisini and Dino Mandrioli and Angelo
Morzenti",
title =        "From formal models to formally based methods: an
industrial experience",
journal =      j-TOSEM,
volume =       "8",
number =       "1",
pages =        "79--113",
month =        jan,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-1/p79-ciapessoni/p79-ciapessoni.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-1/p79-ciapessoni/",
abstract =     "We address the problem of increasing the impact of
formal methods in the practice of industrial computer
applications. We summarize the reasons why formal
methods so far did not gain widespead use within the
industrial environment despite several promising
experiences. We suggest an evolutionary rather than
revolutionary attitude in the introduction of formal
methods in the practice of industrial applications, and
we report on our long-standing experience which
involves an academic institution. Politecnico di
Milano, two main industrial partners, ENEL and CISE,
and occasionally a few other industries. Our approach
aims at augmenting an existing and fairly deeply rooted
informal industrial methodology with our original
formalism, the logic specification language TRIO. On
the basis of the experiences we gained we argue that
our incremental attitude toward the introduction of
formal methods within the industry could be effective
largely independently from the chosen formalism.",
acknowledgement = ack-nhfb,
generalterms = "Design; Documentation; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal models; industrial applications; object
orientation; specification; supervision and control;
technology transfer",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Methodologies
(e.g., object-oriented, structured)}; Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2); Software --- Software Engineering ---
Software/Program Verification (D.2.4)",
}

@Article{McCann:1999:MMI,
author =       "Peter J. McCann and Gruia-Catalin Roman",
title =        "Modeling mobile {IP} in mobile {UNITY}",
journal =      j-TOSEM,
volume =       "8",
number =       "2",
pages =        "115--146",
month =        apr,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-2/p115-mccann/p115-mccann.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-2/p115-mccann/",
abstract =     "With recent advances in wireless communication
technology, mobile computing is an increasingly
important area of research. A mobile system is one
where independently executing components may migrate
through some space during the course of the
computation, and where the pattern of connectivity
among the components changes as they move in and out of
proximity. Mobile UNITY is a notation and proof logic
for specifying and reasoning about mobile systems. In
to the modular development of system specifications
because of the declarative fashion in which
coordination among components is specified. The
packet-forwarding mechanism at the core of the Mobile
IP protocol for routing to mobile hosts is taken as an
example. A Mobile UNITY model of packet forwarding and
the mobile system in which it must operate is
developed. Proofs of correctness properties, including
important real-time properties, are outlined, and the
role of formal verification in the development of
protocols such as Mobile IP is discussed.",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Reliability; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "formal methods; mobile computing; mobile UNITY; shared
variables; synchronization; transient interactions;
weak consistency",
subject =      "Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2): {\bf IP}; Computer Systems Organization ---
Computer-Communication Networks --- Network
Architecture and Design (C.2.1): {\bf Wireless
communication}; Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2): {\bf Protocol verification}",
}

@Article{Cook:1999:SPV,
author =       "Jonathan E. Cook and Alexander L. Wolf",
title =        "Software process validation: quantitatively measuring
the correspondence of a process to a model",
journal =      j-TOSEM,
volume =       "8",
number =       "2",
pages =        "147--176",
month =        apr,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-2/p147-cook/p147-cook.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-2/p147-cook/",
abstract =     "To a great extent, the usefulness of a formal model of
a software process lies in its ability to accurately
predict the behavior of the executing process.
Similarly, the usefulness of an executing process lies
largely in its ability to fulfill the requirements
embodied in a formal model of the process. When process
models and process executions diverge, something
significant is happening. We have developed techniques
for uncovering and measuring the discrepancies between
models and executions, which we call {\em process
validation}. Process validation takes a process
execution and a process model, and measures the level
of correspondence between the two. Our metrics are
tailorable and give process engineers control over
determining the severity of different types of
discrepancies. The techniques provide detailed
information once a high-level measurement indicates the
presence of a problem. We have applied our processes
validation methods in an industrial case study, of
acknowledgement = ack-nhfb,
generalterms = "Management; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "balboa; process validation; software process; tools",
subject =      "Software --- Software Engineering --- Programming
Environments (D.2.6); Computing Milieux --- Management
of Computing and Information Systems --- Software
Management (K.6.3): {\bf Software development};
Computing Milieux --- Management of Computing and
Information Systems --- Software Management (K.6.3):
{\bf Software maintenance}; Software --- Software
Engineering --- Metrics (D.2.8): {\bf Process
metrics}",
}

@Article{Devanbu:1999:GCF,
author =       "Premkumar T. Devanbu",
title =        "{GENOA} --- a customizable, front-end-retargetable
source code analysis framework",
journal =      j-TOSEM,
volume =       "8",
number =       "2",
pages =        "177--212",
month =        apr,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-2/p177-devanbu/p177-devanbu.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-2/p177-devanbu/",
abstract =     "{\em Code analysis\/} tools provide support for such
software engineering tasks as program understanding,
software metrics, testing, and reengineering. In this
article we describe GENOA, the framework underlying
application generators such as Aria and GEN++ which
have been used to generate a wide range of practical
code analysis tools. This experience illustrates {\em
front-end retargetability\/} of GENOA; we describe the
features of the GENOA framework that allow it to be
used with different front ends. While permitting
arbitrary parse tree computations, the GENOA
specification language has special, compact iteration
operators that are tuned for expressing simple,
polynomial-time analysis programs; in fact, there is a
useful sublanguage of the GENOA language that can
express precisely all (and only) {\em
polynomial-time\/} (PTIME) analysis programs on parse
trees. Thus, we argue that the GENOA language is a
simple and convenient vehicle for implementing a range
of analysis tools. We also argue that the front-and
reuse'' approach of GENOA offers an important advantage
for tools aimed at large software projects: the reuse
of complex, expensive build procedures to run generated
describe the GENOA framework and our experiences with
it.",
acknowledgement = ack-nhfb,
generalterms = "Languages",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "code inspection; metrics; reverse engineering; source
analysis",
subject =      "Software --- Programming Languages --- Processors
(D.3.4); Software --- Software Engineering --- Coding
Tools and Techniques (D.2.3); Software --- Software
Engineering --- Programming Environments (D.2.6);
Software --- Software Engineering --- Software
Architectures (D.2.11); Software --- Software
Engineering --- Testing and Debugging (D.2.5); Software
--- Software Engineering --- Metrics (D.2.8)",
}

@Article{Damiani:1999:HAA,
author =       "E. Damiani and M. G. Fugini and C. Bellettini",
title =        "A hierarchy-aware approach to faceted classification
of objected-oriented components",
journal =      j-TOSEM,
volume =       "8",
number =       "3",
pages =        "215--262",
month =        jul,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-3/p215-damiani/p215-damiani.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-3/p215-damiani/",
schema for obje ct-oriented code, where software
components are classified according to their {\em
behavioral characteristics}, such as provided services,
employed algorithms, and needed data. In the case of
reusable application frameworks, these characteristics
are constructed from their {\em model}, i.e., from the
description of the abstract classes specifying both the
framework structure and purpose. In conventional object
libraries, the characteristics are extracted
semiautomatically from class interfaces.
Characteristics are term pairs, weighted to represent
how well'' they describe component behavior. The set
of characteristics associated with a given component
forms its {\em software descriptor}. A descriptor base
is presented where descriptors are organized on the
basis of structured relationships, such as similarity
and composition. The classification is supported by a
thesaurus acting as a language-independent unified
lexicon. The descriptor base is conceived for
developers who, besides conventionally browsing the
descriptors hierarchy, can query the system, specifying
a set of desired functionalities and getting a ranked
set of adaptable candidates. User feedback is taken
into account in order to progressively ameliorate the
quality of the descriptors according to the views of
the user community. Feedback is made dependent of the
user typology through a {\em user profile}.
Experimental results in terms of recall and precision
of the retrieval mechanism against a sample code base
are reported.",
acknowledgement = ack-nhfb,
generalterms = "Documentation",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "code analysis; component repositories; component
retrieval; software reuse; user feedback",
subject =      "Information Systems --- Information Storage and
Retrieval --- Information Search and Retrieval
(H.3.3)",
}

@Article{Podgurski:1999:ESR,
author =       "Andy Podgurski and Wassim Masri and Yolanda McCleese
and Francis G. Wolff and Charles Yang",
title =        "Estimation of software reliability by stratified
sampling",
journal =      j-TOSEM,
volume =       "8",
number =       "3",
pages =        "263--283",
month =        jul,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-3/p263-podgurski/p263-podgurski.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-3/p263-podgurski/",
abstract =     "A new approach to software reliability estimation is
presented that combines operational testing with
stratified sampling in order to reduce the number of
program executions that must be checked manually for
conformance to requirements. Automatic cluster analysis
is applied to execution profiles in order to stratify
captured operational executions. Experimental results
are reported that suggest this approach can
significantly reduce the cost of estimating
reliability.",
acknowledgement = ack-nhfb,
generalterms = "Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "beta testing; cluster analysis; operational testing;
software reliability; software testing; statistical
testing; stratified sampling",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Software libraries}; Software
--- Software Engineering --- Testing and Debugging
(D.2.5); Software --- Operating Systems --- Reliability
(D.4.5); Software --- Software Engineering --- Design
Tools and Techniques (D.2.2)",
}

@Article{Jezequel:1999:RVC,
author =       "Jean-Marc J{\'e}z{\'e}quel",
title =        "Reifying variants in configuration management",
journal =      j-TOSEM,
volume =       "8",
number =       "3",
pages =        "284--295",
month =        jul,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-3/p284-jezequel/p284-jezequel.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-3/p284-jezequel/",
abstract =     "Using a solid software configuration management (SCM)
is mandatory to establish and maintain the integrity of
the products of a software project throughout the
project's software life cycle. Even with the help of
sophisticated tools, handling the various dimensions of
SCM can be a daunting (and costly) task for many
propose a method (based on the use creational design
patterns) to simplify SCM by reifying the {\em
variants\/} of an object-oriented software system into
language-level objects and (2) show that newly
available compilation technology makes this proposal
attractive with respect to performance (memory
footprint and execution time) by inferring which
classes are needed for a specific configuration and
optimizing the generated code accordingly.",
acknowledgement = ack-nhfb,
generalterms = "Design; Management; Performance",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "compilation technology; Eiffel; Mecure;
object-oriented analysis and design; reifying variants;
SMDS; software configuration management",
subject =      "Software --- Software Engineering (D.2); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2): {\bf Software libraries}; Software ---
Software Engineering --- Management (D.2.9): {\bf
Software configuration management}",
}

@Article{Reiss:1999:DE,
author =       "Steven P. Reiss",
title =        "The {Desert} environment",
journal =      j-TOSEM,
volume =       "8",
number =       "4",
pages =        "297--342",
month =        oct,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-4/p297-reiss/p297-reiss.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-4/p297-reiss/",
abstract =     "The Desert software engineering environment is a suite
of tools developed to enhance programmer productivity
through increased tool integration. It introduces an
inexpensive form of data integration to provide
additional tool capabilities and information sharing
among tools, uses a common editor to give high-quality
semantic feedback and to integrate different types of
software artifacts, and builds virtual files on demand
and extensible environment capable of handling large
software systems.",
acknowledgement = ack-nhfb,
generalterms = "Design",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "integrated programming environments; program editors",
subject =      "Software --- Software Engineering --- Coding Tools and
Techniques (D.2.3); Software --- Software Engineering
--- Programming Environments (D.2.6)",
}

@Article{Pohl:1999:PTP,
author =       "Klaus Pohl and Klaus Weidenhaupt and Ralf D{\"o}mges
and Peter Haumer and Matthias Jarke and Ralf Klamma",
title =        "{PRIME} --- toward process-integrated modeling
environments: 1",
journal =      j-TOSEM,
volume =       "8",
number =       "4",
pages =        "343--410",
month =        oct,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-4/p343-pohl/p343-pohl.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-4/p343-pohl/",
abstract =     "Research in process-centered environments (PCEs) has
focused on project management support and has neglected
method guidance for the engineers performing the
(software) engineering process. It has been dominated
by the search for suitable process-modeling languages
and enactment mechanisms. The consequences of process
orientation on the computer-based engineering
environments, i.e., the interactive tools used during
process performance, have been studied much less. In
Modeling Environments) framework which empowers method
guidance through process-integrated tools. In contrast
to the tools of PCEs, the process-integrated tools of
PRIME adjust their behavior according to the current
process situation and the method definitions. Process
integration of PRIME tools is achieved through (1) the
definition of tool models; (2) the integration of the
tool models and the method definitions; (3) the
interpretation of the integrated environment model by
the tools, the process-aware control integration
mechanism, and the enactment mechanism; and (4) the
synchronization of the tools and the enactment
mechanism based on a comprehensive interaction
protocol. We sketch the implementation of PRIME as a
reusable implementation framework which facilitates the
realization of process-integrated tools as well as the
process integration of external tools. We define a
six-step procedure for building a PRIME-based
process-integrated environment (PIE) and illustrate how
PRIME facilitates change integration on an
acknowledgement = ack-nhfb,
generalterms = "Design; Human Factors; Management; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "method guidance; PRIME; process modeling;
process-centered environments; process-integrated
environments; process-sensitive tools; tool
integration; tool modeling",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Tools};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2): {\bf Computer-aided software
engineering (CASE)}; Software --- Software Engineering
--- Programming Environments (D.2.6): {\bf Interactive
environments}; Software --- Programming Languages ---
Language Constructs and Features (D.3.3): {\bf
Frameworks}; Information Systems --- Information
Systems Applications --- Office Automation (H.4.1):
{\bf Workflow management}; Computer Applications ---
Computer-Aided Engineering (J.6); Computing Milieux ---
Management of Computing and Information Systems ---
Software Management (K.6.3): {\bf Software process};
Software --- Software Engineering --- Programming
Environments (D.2.6): {\bf Integrated environments}",
}

@Article{Kuhn:1999:FCE,
author =       "D. Richard Kuhn",
title =        "Fault classes and error detection capability of
specification-based testing",
journal =      j-TOSEM,
volume =       "8",
number =       "4",
pages =        "411--424",
month =        oct,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-4/p411-kuhn/p411-kuhn.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-4/p411-kuhn/",
abstract =     "Some varieties of specification-based testing rely
upon methods for generating test cases from predicates
in a software specification. These methods derive
various test conditions from logic expressions, with
the aim of detecting different types of faults. Some
authors have presented empirical results on the ability
of specification-based test generation methods to
computing the conditions that must be covered by a test
set for the test set to guarantee detection of the
particular fault class. It is shown that there is a
coverage hierarchy to fault classes that is consistent
with, and may therefore explain, experimental results
on fault-based testing. The method is also shown to be
acknowledgement = ack-nhfb,
generalterms = "Experimentation; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "testing",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4); Software --- Software Engineering
--- Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Testing and Debugging
(D.2.5)",
}

@Article{Damiani:1999:CHA,
author =       "E. Damiani and M. G. Fugini and C. Bellettini",
title =        "Corrigenda: a hierarchy-aware approach to faceted
classification of object-oriented components",
journal =      j-TOSEM,
volume =       "8",
number =       "4",
pages =        "425--472",
month =        oct,
year =         "1999",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/1999-8-4/p425-damiani/p425-damiani.pdf;
http://www.acm.org/pubs/citations/journals/tosem/1999-8-4/p425-damiani/",
schema for object-oriented code, where software
components are classified according to their {\em
behavioral characteristics}, such as provided services,
employed algorithms, and needed data. In the case of
reusable application frameworks, these characteristics
are constructed from their {\em model}, i.e., from the
description of the abstract classes specifying both the
framework structure and purpose. In conventional object
libraries, the characteristics are extracted
semiautomatically from class interfaces.
Characteristics are term pairs, weighted to represent
how well'' they describe component behavior. The set
of characteristics associated with a given component
forms its {\em software descriptor}. A descriptor base
is presented where descriptors are organized on the
basis of structured relationships, such as similarity
and composition. The classification is supported by a
thesaurus acting as a language-independent unified
lexicon. The descriptor base is conceived for
developers who, besides conventionally browsing the
descriptors hierarchy, can query the system, specifying
a set of desired functionalities and getting a ranked
set of adaptable candidates. User feedback is taken
into account in order to progressively ameliorate the
quality of the descriptors according to the views of
the user community. Feedback is made dependent of the
user typology through a {\em user profile}.
Experimental results in terms of recall and precision
of the retrieval mechanism against a sample code base
are reported.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Information Systems --- Information Storage and
Retrieval --- Information Search and Retrieval (H.3.3):
{\bf Information filtering}",
}

@Article{Bultan:2000:CMC,
author =       "Tevfik Bultan and Richard Gerber and Christopher
League",
title =        "Composite model-checking: verification with
type-specific symbolic representations",
journal =      j-TOSEM,
volume =       "9",
number =       "1",
pages =        "3--50",
month =        jan,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-1/p3-bultan/p3-bultan.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-1/p3-bultan/",
abstract =     "There has been a surge of progress in automated
verification methods based on state exploration. In
areas like hardware design, these technologies are
rapidly augmenting key phases of testing and
validation. To date, one of the most successful of
these methods has been symbolic model-checking, in
which large finite-state machines are encoded into
compact data structures such as Binary Decision
Diagrams (BDDs), and are then checked for safety and
liveness properties. However, these techniques have not
realized the same success on software systems. One
limitation is their inability to deal with
infinite-state programs, even those with a single
unbounded integer. A second problem is that of finding
efficient representations for various variable types.
We recently proposed a model-checker for integer-based
systems that uses arithmetic constraints as the
underlying state representation. While this approach
easily verified some subtle, infinite-state concurrency
problems, it proved inefficient in its treatment of
boolean and (unordered) enumerated types--which are not
efficiently representable using arithmetic constraints.
combines the strengths of both BDD and arithmetic
constraint representations. Our composite model merges
multiple type-specific symbolic representations in a
single model-checker. A system's transitions and
fixpoint computations are encoded using both BDD (for
boolean and enumerated types) and arithmetic
constraints (for integers) representations, where the
choice depends on the variable types. Our composite
model-checking strategy can be extended to other
symbolic representations provided that they support
operations such as intersection, union, complement,
equivalence checking, and relational image computation.
We also present conservative approximation techniques
for composite representations to address the
undecidability of model-checking on infinite-state
systems. We demonstrate the effectiveness of our
approach by analyzing two example software
specifications which include a mixture of booleans,
integers, and enumerated types. One of them is a
requirements specification for the control software of
a nuclear reactor's cooling system, and the other one
is a protocol specification.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "binary decision diagrams; Presburger arithmetic;
symbolic model-checking",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Formal methods}; Software
--- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Model checking}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1); Theory of Computation --- Logics and Meanings
of Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Invariants}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Mechanical verification}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Pre- and post-conditions}; Software ---
Software Engineering --- Requirements/Specifications
(D.2.1); Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Tools}",
}

@Article{Corbett:2000:USA,
author =       "James C. Corbett",
title =        "Using shape analysis to reduce finite-state models of
concurrent {Java} programs",
journal =      j-TOSEM,
volume =       "9",
number =       "1",
pages =        "51--93",
month =        jan,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-1/p51-corbett/p51-corbett.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-1/p51-corbett/",
abstract =     "Finite-state verification (e.g., model checking)
provides a powerful means to detect concurrency errors,
which are often subtle and difficult to reproduce.
Nevertheless, widespread use of this technology by
developers is unlikely until tools provide automated
support for extracting the required finite-state models
directly from program source. Unfortunately, the
dynamic features of modern languages such as Java
complicate the construction of compact finite-state
shape analysis, which has traditionally been used for
computing alias information in optimizers, can be used
to greatly reduce the size of finite-state models of
concurrent Java programs by determining which
heap-allocated variables are accessible only by a
single thread, and which shared variables are protected
by locks. We also provide several other state-space
reductions based on the semantics of Java monitors. A
prototype of the reductions demonstrates their
effectiveness.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concurrent systems; finite-state verification; Java;
model extraction; modeling; shape analysis; state-space
reductions",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4)",
}

author =       "Carl A. Gunter",
title =        "Abstracting dependencies between software
configuration items",
journal =      j-TOSEM,
volume =       "9",
number =       "1",
pages =        "94--131",
month =        jan,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-1/p94-gunter/p94-gunter.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-1/p94-gunter/",
between software configuration items based on a theory
of concurrent computation over a class of Petri nets
called {\em production\/} nets. A general theory of
build optimizations and their correctness is developed
based on a form of abstract interpretation called a
{\em build abstraction\/}; these are created during a
build and are used to optimize subsequent builds.
Various examples of such optimizations are discussed.
The theory is used to show how properties can be
characterized and proved, and how optimizations can be
composed and compared.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstract interpretation; mathematical models of build
dependencies; Petri nets; software configuration
management",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4); Software --- Software Engineering
--- Distribution, Maintenance, and Enhancement (D.2.7):
{\bf Restructuring, reverse engineering, and
reengineering}; Software --- Software Engineering ---
Distribution, Maintenance, and Enhancement (D.2.7);
Theory of Computation --- Logics and Meanings of
Programs --- Semantics of Programming Languages
(F.3.2)",
}

@Article{Sistla:2000:SSB,
author =       "A. Prasad Sistla and Viktor Gyuris and E. Allen
Emerson",
title =        "{SMC}: a symmetry-based model checker for verification
of safety and liveness properties",
journal =      j-TOSEM,
volume =       "9",
number =       "2",
pages =        "133--166",
month =        apr,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-2/p133-sistla/p133-sistla.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-2/p133-sistla/",
abstract =     "The article presents the SMC system. SMC can be used
for checking safety and liveness properties of
concurrent programs under different fairness
assumptions. It is based on explicit state enumeration.
It combats the state explosion by exploiting symmetries
of the input concurrent program, usually present in the
form of identical processes, in two different ways.
Firstly, it reduces the number of explored states by
identifying those states that are equivalent under the
symmetries of the system; this is called {\em process
symmetry}. Secondly, it reduces the number of edges
explored from each state, in0 the reduced state graph,
by exploiting the symmetry of a single state; this is
called {\em state symmetry}. SMC works in an {\em
on-the-fly\/} manner; it constructs the reduced state
graph as and when it is needed. This method facilitates
early termination, speeds up model checking, and
reduces memory requirements. We employed SMC to check
the correctness of, among other standard examples, the
Link Layer part of the IEEE Standard 1394 Firewire''
high-speed serial bus protocol. SMC found deadlocks in
the protocol. SMC was also to check certain liveness
properties. A report on the case study is included in
the article.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Performance; Standardization;
Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automata; model checking",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Model checking}; Software
--- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Formal methods}; Theory of
Computation --- Logics and Meanings of Programs ---
Specifying and Verifying and Reasoning about Programs
(F.3.1): {\bf Mechanical verification}; Software ---
Programming Techniques --- Concurrent Programming
(D.1.3)",
}

@Article{Ciancarini:2000:UCL,
author =       "P. Ciancarini and F. Franz{\'e} and C. Mascolo",
title =        "Using a coordination language to specify and analyze
systems containing mobile components",
journal =      j-TOSEM,
volume =       "9",
number =       "2",
pages =        "167--198",
month =        apr,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-2/p167-ciancarini/p167-ciancarini.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-2/p167-ciancarini/",
abstract =     "New computing paradigms for network-aware applications
need specification languages able to deal with the
features of mobile code-based systems. A coordination
language provides a formal framework in which the
interaction of active entities can be expressed. A
coordination language deals with the creation and
destruction of code or complex agents, their
communication activities, as well as their distribution
and mobility in space. We show how the coordination
language PoliS offers a flexible basis for the
description and the automatic analysis of architectures
of systems including mobile entities. Polis is based on
multiple tuple spaces and offers a basis for defining,
studying, and controlling mobility as it allows
decoupling mobile entities from their environments both
in space and in time. The pattern-matching mechanism
adopted for communication helps in abstracting from
addressing issues. We have developed a model-checking
technique for the automatic analysis of PoliS
specifications. In the article we show how this
technique can be applied to mobile code-based systems",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Software Engineering --- Software/Program Verification
(D.2.4): {\bf Model checking}; Software --- Programming
Languages --- Formal Definitions and Theory (D.3.1):
{\bf Semantics}; Software --- Programming Languages ---
Language Classifications (D.3.2): {\bf Concurrent,
distributed, and parallel languages}",
}

@Article{Louridas:2000:GMR,
author =       "Panagiotis Louridas and Pericles Loucopoulos",
title =        "A generic model for reflective design",
journal =      j-TOSEM,
volume =       "9",
number =       "2",
pages =        "199--237",
month =        apr,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-2/p199-louridas/p199-louridas.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-2/p199-louridas/",
abstract =     "Rapid technological change has had an impact on the
nature of software. This has led to new exigencies and
to demands for software engineering that pay particular
attention to meeting them. We advocate that such
demands can be met, at least in large parts, through
the adoption of software engineering processes that are
founded on a reflective stance. To this end, we turn
our attention to the field of Design Rationale. We
analyze and characterize Design Rationale approaches
and show that despite surface differences between
different approaches, they all tend to be variants of a
relatively small set of static and dynamic affinities.
We use the synthesis of static and dynamic affinities
to develop a generic model for reflective design. The
model is nonprescriptive and affects minimally the
design process. It is context-independent and is
intended to be used as a facilitator in participative
design, supporting group communication and
deliberation. The potential utility of the model is
demonstrated through two examples, one from the world
of business design and the other from programming
language design",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "design aids; design rationale; development;
participative; reflective",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Elicitation
methods (e.g., rapid prototyping, interviews, JAD)};
Software --- Software Engineering --- Design Tools and
Techniques (D.2.2)",
}

@Article{Inverardi:2000:SCS,
author =       "Paola Inverardi and Alexander L. Wolf and Daniel
Yankelevich",
title =        "Static checking of system behaviors using derived
component assumptions",
journal =      j-TOSEM,
volume =       "9",
number =       "3",
pages =        "239--272",
month =        jul,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-3/p239-inverardi/p239-inverardi.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-3/p239-inverardi/",
abstract =     "A critical challenge faced by the developer of a
software system is to understand whether the system's
components correctly integrate. While type theory has
provided substantial help in detecting and preventing
errors in mismatched static properties, much work
remains in the area of dynamics. In particular,
components make assumptions about their behavioral
interaction with other components, but currently we
have only limited ways in which to state those
assumptions and to analyze those assumptions for
correctness. We have formulated a method that begins to
address this problem. The method operates at the
architectural level so that behavioral integration
errors, such as deadlock, can be revealed early and at
a high level. For each component, a specification is
given of its interaction behavior. Form this
specification, assumptions that the component makes
about the corresponding interaction behavior of the
external context are automatically derived. We have
defined an algorithm that performs compatibility checks
between finite representations of a component's context
assumptions and the actual interaction behaviors of the
components with which it is intended to interact. A
configuration of a system is possible if and only if a
successful way of matching actual behaviors with
assumptions can be found. The state-space complexity of
this algorithm is significantly less than that of
comparable approaches, and in the worst case, the time
complexity is comparable to the worst case of standard
reachability analysis.",
acknowledgement = ack-nhfb,
generalterms = "Design; Theory; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "assumptions; chemical abstract machine model;
component-based systems; static analysis",
subject =      "Software --- Software Engineering (D.2); Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2): {\bf Modules and interfaces}; Software ---
Software Engineering --- Design Tools and Techniques
(D.2.2): {\bf State diagrams}; Software --- Software
Engineering --- Software/Program Verification (D.2.4):
{\bf Assertion checkers}; Software --- Software
Engineering --- Software/Program Verification (D.2.4):
{\bf Formal methods}; Software --- Software Engineering
--- Software Architectures (D.2.11): {\bf Languages
(e.g., description, interconnection, definition)};
Theory of Computation --- Logics and Meanings of
Programs (F.3); Theory of Computation --- Logics and
Meanings of Programs --- Specifying and Verifying and
Reasoning about Programs (F.3.1): {\bf Assertions};
Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
about Programs (F.3.1): {\bf Mechanical verification};
Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
techniques}",
}

@Article{Minsky:2000:LGI,
author =       "Naftaly H. Minsky and Victoria Ungureanu",
title =        "Law-governed interaction: a coordination and control
mechanism for heterogeneous distributed systems",
journal =      j-TOSEM,
volume =       "9",
number =       "3",
pages =        "273--305",
month =        jul,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-3/p273-minsky/p273-minsky.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-3/p273-minsky/",
abstract =     "Software technology is undergoing a transition form
monolithic systems, constructed according to a single
overall design, into conglomerates of semiautonomous,
heterogeneous, and independently designed subsystems,
constructed and managed by different organizations,
with little, if any, knowledge of each other. Among the
problems inherent in such conglomerates, none is more
serious than the difficulty to {\em control\/} the
activities of the disparate agents operating in it, and
the difficulty for such agents to {\em coordinate\/}
their activities with each other. We argue that the
nature of coordination and control required for such
systems calls for the following principles to be
satisfied: (1) coordination policies need to be
enforced: (2) the enforcement needs to be
decentralized; and (3) coordination policies need to be
formulated explicitly--rather than being implicit in
the code of the agents involved--and they should be
enforced by means of a generic, broad spectrum
mechanism; and (4) it should be possible to deploy and
enforce a policy incrementally, without exacting any
cost from agents and activities not subject to it. We
describe a mechanism called law-governed interaction
(LGI), currently implemented by the Moses toolkit,
which has been designed to satisfy these principles. We
show that LGI is at least as general as a conventional
centralized coordination mechanism (CCM), and that it
is more scalable, and generally more efficient, then
CCM.",
acknowledgement = ack-nhfb,
generalterms = "Design; Performance; Security",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "coordination of heterogeneous agents; policy
enforcement; scalability",
subject =      "Software --- Software Engineering --- Software
Architectures (D.2.11); Software --- Software
Engineering --- Design Tools and Techniques (D.2.2);
Computer Systems Organization ---
Computer-Communication Networks --- Distributed Systems
(C.2.4); Information Systems --- Information Interfaces
and Presentation --- Group and Organization Interfaces
(H.5.3); Computer Applications --- Computers in Other
Systems (J.7): {\bf Command and control}",
}

@Article{Mills:2000:KBM,
author =       "Kevin L. Mills and Hassan Gomaa",
title =        "A knowledge-based method for inferring semantic
concepts from visual models of system behavior",
journal =      j-TOSEM,
volume =       "9",
number =       "3",
pages =        "306--337",
month =        jul,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-3/p306-mills/p306-mills.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-3/p306-mills/",
abstract =     "Software designers use visual models, such as data
flow/control flow diagrams or object collaboration
diagrams, to express system behavior in a form that can
be understood easily by users and by programmers, and
from which designers can generate a software
architecture. The research described in this paper is
motivated by a desire to provide an automated
designer's assistant that can generate software
architectures for concurrent systems directly from
behavioral models expressed visually as flow diagrams.
To achieve this goal, an automated designer's assistant
must be capable of interpreting flow diagrams in
semantic, rather than syntactic, terms. While semantic
concepts can be attached manually to diagrams using
labels, such as stereotypes in the Unified Model
Language (UML), this paper considers the possibility of
providing automated assistance to infer appropriate
tags for symbols on a flow diagram. The approach relies
upon constructing an underlying metamodel that defines
semantic concepts based upon (1) syntactic
relationships among visual symbols and (2) inheritance
relationships among semantic concepts. Given such a
metamodel, a rule-based inference engine can, in many
situations, infer the presence of semantic concepts on
flow diagram, and can tag symbols accordingly. Futher,
an object-oriented query system can compare semantic
tags on digram instances for conformance with their
definition in the metamodel. To illustrate the
approach, the paper describes a metamodel for data
flow/control flow diagrams used in the context of a
specific software modeling method, Concurrent
Object-Based Real-time Analysis (COBRA). The metamodel
is implemented using an expert-system shell, CLIPS
V6.0, which integrates an object-oriented language with
a rule-based inference engine. \par

The paper applies the implemented metamodel to design
software for an automobile cruise-control system and
provides an evaluation of the approach based upon
results from four case studies. For the case studies,
the implemented metamodel recognized, automatically and
correctly, the existence of 86\% of all COBRA semantic
concepts within the flow diagrams. Varying degrees of
human assistance were used to correctly identify the
remaining semantic concepts within the diagrams: in two
percent of the cases the implemented metamodel reached
tentative classifications that a designer was asked to
confirm or override; in four percent of the cases a
before a concept was classified; in the remaining eight
percent of the cases the designer was asked to identify
the concept.",
acknowledgement = ack-nhfb,
generalterms = "Design; Experimentation; Measurement",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concept classification systems; concurrent systems;
knowledge-based software engineering; semantic data
modeling; software design methods; visual modeling",
subject =      "Software --- Software Engineering --- Design Tools and
Techniques (D.2.2)",
}

@Article{Wallach:2000:SSM,
author =       "Dan S. Wallach and Andrew W. Appel and Edward W.
Felten",
title =        "{SAFKASI}: a security mechanism for language-based
systems",
journal =      j-TOSEM,
volume =       "9",
number =       "4",
pages =        "341--378",
month =        oct,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-4/p341-wallach/p341-wallach.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-4/p341-wallach/",
abstract =     "In order to run untrusted code in the same process as
trusted code, there must be a mechanism to allow
dangerous calls to determine if their caller is
authorized to exercise the privilege of using the
dangerous routine. Java systems have adopted a
technique called stack inspection to address this
concern. But its original definition, in terms of
searching stack frames, had an unclear relationship to
the actual achievement of security, overconstrained the
implementation of a Java system, limited many desirable
optimizations such as method inlining and tail
recursion, and generally interfered with
interprocedural optimization. We present a new
semantics for stack inspection based on a belief logic
and its implementation using the calculus of {\em
security-passing style\/} which addresses the concerns
of traditional stack inspection. With security-passing
style, we can efficiently represent the security
context for any method activation, and we can build a
new implementation strictly by rewriting the Java
bytecodes before they are loaded by the system. No
changes to the JVM or bytecode semantics are necessary.
With a combination of static analysis and runtime
optimizations, our prototype implementation shows
inspection is still faster), and is easier to consider
for languages beyond Java. We call our system SAFKASI
(the Security Architecture Formerly Known as Stack
Inspection).",
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Security",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "access control; applets; Internet; Java;
security-passing style; stack inspection; WWW",
subject =      "Software --- Programming Techniques ---
Object-oriented Programming (D.1.5); Software ---
Software Engineering --- General (D.2.0): {\bf
Protection mechanisms}; Software --- Programming
Languages --- Language Classifications (D.3.2): {\bf
Object-oriented languages}; Software --- Operating
Systems --- Security and Protection (D.4.6): {\bf
Access controls}; Software --- Operating Systems ---
Security and Protection (D.4.6): {\bf Authentication}",
}

@Article{Fong:2000:PLM,
author =       "Philip W. L. Fong and Robert D. Cameron",
title =        "Proof linking: modular verification of mobile programs
in the presence of lazy, dynamic linking",
journal =      j-TOSEM,
volume =       "9",
number =       "4",
pages =        "379--409",
month =        oct,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-4/p379-fong/p379-fong.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-4/p379-fong/",
abstract =     "Although mobile code systems typically employ
link-time code verifiers to protect host computers from
potentially malicious code, implementation flaws in the
verifiers may still leave the host system vulnerable to
attack. Compounding the inherent complexity of the
verification algorithms themselves, the need to support
lazy, dynamic linking in mobile code systems typically
leads to architectures that exhibit strong
interdependencies between the loader, the verifier, and
the linker. To simplify verifier construction and
provide improved assurances of verifier integrity, we
propose a modular architecture based on the concept of
proof linking. This architecture encapsulates the
verification process and removes dependencies between
formally model the process of proof linking and
establish properties to which correct implementations
must conform. As an example, we instantiate our
architecture for the problem of Java bytecode
verification and assess the correctness of this
instantiation. Finally, we briefly discuss alternative
mobile code verification architectures enabled by the
acknowledgement = ack-nhfb,
generalterms = "Design; Languages; Security; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "correctness conditions; dynamic linking; Java; mobile
code; modularity; proof linking; safety; verification
protocol; virtual machine architecture",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Correctness proofs};
Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Formal methods}; Software
--- Software Engineering ---
Requirements/Specifications (D.2.1); Software ---
Programming Languages --- Processors (D.3.4): {\bf
Run-time environments}",
}

@Article{Myers:2000:PPU,
author =       "Andrew C. Myers and Barbara Liskov",
title =        "Protecting privacy using the decentralized label
model",
journal =      j-TOSEM,
volume =       "9",
number =       "4",
pages =        "410--442",
month =        oct,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-4/p410-myers/p410-myers.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-4/p410-myers/",
abstract =     "Stronger protection is needed for the confidentiality
and integrity of data, because programs containing
untrusted code are the rule rather than the exception.
Information flow control allows the enforcement of
end-to-end security policies, but has been difficult to
decentralized label model, a new label model for
control of information flow in systems with mutual
distrust and decentralized authority. The model
improves on existing multilevel security models by
allowing users to declassify information in a
decentralized way, and by improving support for
fine-grained data sharing. It supports static program
analysis of information flow, so that programs can be
certified to permit only acceptable information flows,
while largely avoiding the overhead of run-time
checking. The article introduces the language Jif, an
extension to Java that provides static checking of
information flow using the decentralized label model.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Security",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
end-to-end; information flow controls; integrity;
lattice; policies; principals; roles; type checking",
subject =      "Software --- Operating Systems --- Security and
Protection (D.4.6): {\bf Information flow controls}",
}

@Article{Clarke:2000:VSP,
author =       "E. M. Clarke and S. Jha and W. Marrero",
title =        "Verifying security protocols with {Brutus}",
journal =      j-TOSEM,
volume =       "9",
number =       "4",
pages =        "443--487",
month =        oct,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-4/p443-clarke/p443-clarke.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-4/p443-clarke/",
abstract =     "Due to the rapid growth of the Internet'' and the
World Wide Web'' security has become a very important
concern in the design and implementation of software
systems. Since security has become an important issue,
the number of protocols in this domain has become very
large. These protocols are very diverse in nature. If a
software architect wants to deploy some of these
protocols in a system, they have to be sure that the
protocol has the right properties as dictated by the
BRUTUS, a tool for verifying properties of security
protocols. This tool can be viewed as a special-purpose
model checker for security protocols. We also present
reduction techniques that make the tool efficient.
Experimental results are provided to demonstrate the
efficiency of BRUTUS.",
acknowledgement = ack-nhfb,
generalterms = "Security; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "authentication and secure payment protocols; formal
methods; model-checking",
subject =      "Software --- Software Engineering --- Software/Program
Verification (D.2.4): {\bf Model checking}; Software
--- Operating Systems --- Security and Protection
(D.4.6): {\bf Verification**}",
}

@Article{Durante:2000:CAC,
author =       "Antonio Durante and Riccardo Focardi and Roberto
Gorrieri",
title =        "A compiler for analyzing cryptographic protocols using
noninterference",
journal =      j-TOSEM,
volume =       "9",
number =       "4",
pages =        "488--528",
month =        oct,
year =         "2000",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2000-9-4/p488-durante/p488-durante.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2000-9-4/p488-durante/",
abstract =     "The Security Process Algebra (SPA) is a CCS-like
specification language where actions belong to two
different levels of confidentiality. It has been used
to define several noninterference-like security
properties whose verification has been automated by the
tool CoSeC. In recent years, a method for analyzing
security protocols using SPA and CoSeC has been
developed. Even if it has been useful in analyzing
small security protocols, this method has shown to be
error-prone, as it requires the protocol description
and its environment to be written by hand. This problem
has been solved by defining a protocol specification
language more abstract than SPA, called VSP, and a
compiler CVS that automatically generates the SPA
specification for a given protocol described in VSP.
The VSP/CVS technology is very powerful, and its
usefulness is shown with some case studies: the Woo-Lam
one-way authentication protocol, for which a new attack
to authentication is found, and the Wide Mouthed Frog
protocol, where different kinds of attack are detected
and analyzed.",
acknowledgement = ack-nhfb,
generalterms = "Security; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automatic verification; cryptographic protocols;
noninterference; process algebra; verification tool",
subject =      "Computer Systems Organization ---
Computer-Communication Networks --- General (C.2.0):
{\bf Security and protection (e.g., firewalls)};
Computer Systems Organization ---
Computer-Communication Networks --- Network Protocols
(C.2.2): {\bf Protocol verification}; Software ---
Software Engineering --- Software/Program Verification
(D.2.4): {\bf Formal methods}; Software --- Software
Engineering --- Software/Program Verification (D.2.4):
{\bf Model checking}; Software --- Software Engineering
--- Software/Program Verification (D.2.4): {\bf
Validation}; Theory of Computation --- Logics and
Meanings of Programs --- Semantics of Programming
Languages (F.3.2): {\bf Operational semantics}; Theory
of Computation --- Logics and Meanings of Programs ---
Semantics of Programming Languages (F.3.2): {\bf
Process models}",
}

@Article{Tip:2001:SBA,
author =       "F. Tip and T. B. Dinesh",
title =        "A slicing-based approach for locating type errors",
journal =      j-TOSEM,
volume =       "10",
number =       "1",
pages =        "5--55",
month =        jan,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-1/p5-tip/p5-tip.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-1/p5-tip/",
abstract =     "The effectiveness of a type-checking tool strongly
depends on the accuracy of the positional information
that is associated with type errors. We present an
approach where the location associated with an error
message {\em e\/} is defined as a {\em slice\/} {\em P
e\/} of the program {\em P\/} being type-checked. We
show that this approach yields highly accurate
positional information: {\em P e\/} is a program that
contains precisely those program constructs in {\em
P\/} that caused error {\em e}. Semantically, we have
the interesting property that type-checking {\em P e\/}
is guaranteed to produce the same error {\em e}. Our
approach is completely language-independent and has
been implemented for a significant subset of Pascal. We
also report on experiments with object-oriented type
systems, and with a subset of ML.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "abstract interpretation; program slicing;
semantics-based tool generation; static semantics;
type-checking",
subject =      "Software --- Programming Languages --- Processors
(D.3.4): {\bf Translator writing systems and compiler
generators}; Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Theory of Computation --- Logics and Meanings of
Programs --- Specifying and Verifying and Reasoning
techniques}",
}

@Article{Chen:2001:TMO,
author =       "Huo Yan Chen and T. H. Tse and T. Y. Chen",
title =        "{TACCLE}: a methodology for object-oriented software
testing at the class and cluster levels",
journal =      j-TOSEM,
volume =       "10",
number =       "1",
pages =        "56--109",
month =        jan,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-1/p56-chen/p56-chen.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-1/p56-chen/",
abstract =     "Object-oriented programming consists of several
different levels of abstraction, namely, the
algorithmic level, class level, cluster level, and
system level. The testing of object-oriented software
at the algorithmic and system levels is similar to
conventional program testing. Testing at the class and
cluster levels poses new challenges. Since methods and
objects may interact with one another with unforeseen
combinations and invocations, they are much more
complex to simulate and test than the hierarchy of
functional calls in conventional programs. In this
paper, we propose a methodology for object-oriented
software testing at the class and cluster levels. In
class-level testing, it is essential to determine
whether objects produced from the execution of
implemented systems would preserve the properties
defined by the specification, such as behavioral
equivalence and nonequivalence. Our class-level testing
methodology addresses both of these aspects. For the
testing of behavioral equivalence, we propose to select
fundamental pairs of equivalent ground terms as test
cases using a black-box technique based on algebraic
specifications, and then determine by means of a
white-box technique whether the objects resulting from
executing such test cases are observationally
equivalent. To address the testing of behavioral
nonequivalence, we have identified and analyzed several
nontrivial problems in the current literature. We
propose to classify term equivalence into four types,
thereby setting up new concepts and deriving important
properties. Based on these results, we propose an
approach to deal with the problems in the generation of
nonequivalent ground terms as test cases. Relatively
little research has contributed to cluster-level
testing. In this paper, we also discuss black-box
testing at the cluster level. We illustrate the
feasibility of using contract, a formal specification
language for the behavioral dependencies and
interactions among cooperating objects of different
classes in a given cluster. We propose an approach to
test the interactions among different classes using
every individual message-passing rule in the given
Contract specification. We also present an approach to
examine the interactions among composite
message-passing sequences. We have developed four
testing tools to support our methodology.",
acknowledgement = ack-nhfb,
generalterms = "Languages; Reliability",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "algebraic specifications; contact specifications;
message passing; object-oriented programming; software
testing",
subject =      "Software --- Software Engineering ---
Requirements/Specifications (D.2.1): {\bf Languages};
Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}; Software ---
Programming Languages --- Language Classifications
(D.3.2): {\bf Object-oriented languages}",
}

@Article{Rothermel:2001:MTS,
author =       "Gregg Rothermel and Margaret Burnett and Lixin Li and
Christopher Dupuis and Andrei Sheretov",
title =        "A methodology for testing spreadsheets",
journal =      j-TOSEM,
volume =       "10",
number =       "1",
pages =        "110--147",
month =        jan,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-1/p110-rothermel/p110-rothermel.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-1/p110-rothermel/",
abstract =     "Spreadsheet languages, which include commercial
substantial impact on end-user computing. Research
shows, however, that spreadsheets often contain faults;
thus, we would like to provide at least some of the
benefits of formal testing methodologies to the
criteria and coverage monitoring to the task of testing
spreadsheets. To accommodate the evaluation model used
with spreadsheets, and the interactive process by which
they are created, our methodology is incremental. To
accommodate the users of spreadsheet languages, we
provide an interface to our methodology that does not
require an understanding of testing theory. We have
implemented our testing methodology in the context of
the Froms/3 visual spreadsheet language. We report on
the methodology, its time and space costs, and the
mapping from the testing strategy to the user
interfaces. In an empirical study, we found that test
suites created according to our methodology detected,
on average, 81\% of the faults in a set of faulty
generated test suites.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Languages; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5); Software --- Software Engineering
--- Programming Environments (D.2.6); Information
Systems --- Information Systems Applications --- Office
Automation (H.4.1); Software --- Programming Techniques
--- Visual Programming (D.1.7)",
}

@Article{Bible:2001:CSC,
author =       "John Bible and Gregg Rothermel and David S.
Rosenblum",
title =        "A comparative study of coarse- and fine-grained safe
regression test-selection techniques",
journal =      j-TOSEM,
volume =       "10",
number =       "2",
pages =        "149--183",
month =        apr,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-2/p149-bible/p149-bible.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-2/p149-bible/",
abstract =     "{\em Regression test-selection techniques\/} reduce
the cost of regression testing by selecting a subset of
an existing test suite to use in retesting a modified
program. Over the past two decades, numerous regression
test-selection techniques have been described in the
literature. Initial empirical studies of some of these
techniques have suggested that they can indeed benefit
testers, but so far, few studies have empirically
compared different techniques. In this paper, we
present the results of a comparative empirical study of
two safe regression test-selection techniques. The
techniques we studied have been implemented as the
tools DejaVu and TestTube; we compared these tools in
terms of a cost model incorporating {\em precision\/}
(ability to eliminate unnecessary test cases), {\em
analysis cost}, and {\em test execution cost}. Our
results indicate, that in many instances, despite its
relative lack of precision, TestTube can reduce the
time required for regression testing as much as the
more precise DejaVu. In other instances, particularly
where the time required to execute test cases is long,
DejaVu's superior precision gives it a clear advantage
over TestTube. Such variations in relative performance
can complicate a tester's choice of which tool to use.
Our experimental results suggest that a hybrid
regression test-selection tool that combines features
of TestTube and DejaVu may be an answer to these
complications; we present an initial case study that
demonstrates the potential benefit of such a tool.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Verification",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "regression test selection; regression testing",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5)",
}

@Article{Graves:2001:ESR,
author =       "Todd L. Graves and Mary Jean Harrold and Jung-Min Kim
and Adam Porter and Gregg Rothermel",
title =        "An empirical study of regression test selection
techniques",
journal =      j-TOSEM,
volume =       "10",
number =       "2",
pages =        "184--208",
month =        apr,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-2/p184-graves/p184-graves.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-2/p184-graves/",
abstract =     "Regression testing is the process of validating
modified software to detect whether new errors have
been introduced into previously tested code and to
provide confidence that modifications are correct.
Since regression testing is an expensive process,
researchers have proposed regression test selection
techniques as a way to reduce some of this expense.
These techniques attempt to reduce costs by selecting
and running only a subset of the test cases in a
program's existing test suite. Although there have been
some analytical and empirical evaluations of individual
techniques, to our knowledge only one comparative
study, focusing on one aspect of two of these
techniques, has been reported in the literature. We
conducted an experiment to examine the relative costs
and benefits of several regression test selection
techniques. The experiment examined five techniques for
reusing test cases, focusing on their relative
abilities to reduce regression testing effort and
uncover faults in modified programs. Our results
highlight several differences between the techniques,
and expose essential trade-offs that should be
considered when choosing a technique for practical
application.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "empirical study; regression testing; selective
retest",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}; Software --- Software
Engineering --- Testing and Debugging (D.2.5): {\bf
Debugging aids}",
}

@Article{Sinha:2001:ICD,
author =       "Saurabh Sinha and Mary Jean Harrold and Gregg
Rothermel",
title =        "Interprocedural control dependence",
journal =      j-TOSEM,
volume =       "10",
number =       "2",
pages =        "209--254",
month =        apr,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Apr 20 08:21:35 MDT 2001",
bibsource =    "http://www.acm.org/pubs/toc/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
URL =          "http://www.acm.org/pubs/articles/journals/tosem/2001-10-2/p209-sinha/p209-sinha.pdf;
http://www.acm.org/pubs/citations/journals/tosem/2001-10-2/p209-sinha/",
abstract =     "Program-dependence information is useful for a variety
of applications, such as software testing and
maintenance tasks, and code optimization. Properly
defined, control and data dependences can be used to
identify semantic dependences. To function effectively
on whole programs, tools that utilize dependence
dependences: dependences that are identified by
analyzing the interactions among procedures. Many
techniques for computing interprocedural data
dependences exist; however, virtually no attention has
been paid to interprocedural control dependence.
Analysis techniques that fail to account for
interprocedural control dependences can suffer
unnecessary imprecision and loss of safety. This
article presents a definition of interprocedural
control dependence that supports the relationship of
control and data dependence to semantic dependence. The
article presents two approaches for computing
interprocedural control dependences, and empirical
results pertaining to the use of those approaches.",
acknowledgement = ack-nhfb,
generalterms = "Algorithms; Languages; Theory",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "interprocedural analysis; interprocedural control
dependence; program slicing; semantic dependence;
software maintenance",
subject =      "Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Debugging aids}; Software ---
Software Engineering --- Distribution, Maintenance, and
Enhancement (D.2.7): {\bf Restructuring, reverse
engineering, and reengineering}; Software ---
Programming Languages --- Language Constructs and
Features (D.3.3): {\bf Control structures}; Software
--- Programming Languages --- Processors (D.3.4): {\bf
Compilers}; Software --- Programming Languages ---
Processors (D.3.4): {\bf Optimization}; Computing
Methodologies --- Symbolic and Algebraic Manipulation
--- Algorithms (I.1.2): {\bf Analysis of algorithms};
Software --- Software Engineering --- Testing and
Debugging (D.2.5): {\bf Testing tools (e.g., data
generators, coverage testing)}",
}

author =       "Angelo Gargantini and Angelo Morzenti",
title =        "Automated deductive requirements analysis of critical
systems",
journal =      j-TOSEM,
volume =       "10",
number =       "3",
pages =        "255--307",
month =        jul,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Perry:2001:PCL,
author =       "Dewayne E. Perry and Harvey P. Siy and Lawrence G.
Votta",
title =        "Parallel changes in large-scale software development:
an observational case study",
journal =      j-TOSEM,
volume =       "10",
number =       "3",
pages =        "308--337",
month =        jul,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Picco:2001:RAC,
author =       "Gian Pietro Picco and Gruia-Catalin Roman and Peter J.
McCann",
title =        "Reasoning about code mobility with mobile {UNITY}",
journal =      j-TOSEM,
volume =       "10",
number =       "3",
pages =        "338--395",
month =        jul,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Beauvais:2001:MSA,
author =       "J.-R. Beauvais and E. Rutten and T. Gautier and R.
Houdebine and P. Le Guernic and Y.-M. Tang",
title =        "Modeling statecharts and activitycharts as signal
equations",
journal =      j-TOSEM,
volume =       "10",
number =       "4",
pages =        "397--451",
month =        oct,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Bonifati:2001:DDM,
author =       "Angela Bonifati and Fabiano Cattaneo and Stefano Ceri
and Alfonso Fuggetta and Stefano Paraboschi",
title =        "Designing data marts for data warehouses",
journal =      j-TOSEM,
volume =       "10",
number =       "4",
pages =        "452--483",
month =        oct,
year =         "2001",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Medvidovic:2002:MSA,
author =       "Nenad Medvidovic and David S. Rosenblum and David F.
Redmiles and Jason E. Robbins",
title =        "Modeling software architectures in the {Unified
Modeling Language}",
journal =      j-TOSEM,
volume =       "11",
number =       "1",
pages =        "2--57",
month =        jan,
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Tsuchiya:2002:FCE,
author =       "Tatsuhiro Tsuchiya and Tohru Kikuno",
title =        "On fault classes and error detection capability of
specification-based testing",
journal =      j-TOSEM,
volume =       "11",
number =       "1",
pages =        "58--62",
month =        jan,
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Keidar:2002:IBT,
author =       "Idit Keidar and Roger Khazan and Nancy Lynch and Alex
Shvartsman",
title =        "An inheritance-based technique for building simulation
proofs incrementally",
journal =      j-TOSEM,
volume =       "11",
number =       "1",
pages =        "63--91",
month =        jan,
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Schrefl:2002:BCS,
author =       "Michael Schrefl and Markus Stumptner",
title =        "Behavior-consistent specialization of object life
cycles",
journal =      j-TOSEM,
volume =       "11",
number =       "1",
pages =        "92--148",
month =        jan,
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Feb 19 14:55:16 MST 2002",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Felder:2002:FDN,
author =       "Miguel Felder and Mauro Pezz{\e}",
title =        "A formal design notation for real-time systems",
journal =      j-TOSEM,
volume =       "11",
number =       "2",
pages =        "149--190",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Batory:2002:AET,
author =       "Don Batory and Clay Johnson and Bob Macdonald and Dale
Von Heeder",
title =        "Achieving extensibility through product-lines and
domain-specific languages: a case study",
journal =      j-TOSEM,
volume =       "11",
number =       "2",
pages =        "191--214",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Smaragdakis:2002:MLO,
author =       "Yannis Smaragdakis and Don Batory",
title =        "Mixin layers: an object-oriented implementation
technique for refinements and collaboration-based
designs",
journal =      j-TOSEM,
volume =       "11",
number =       "2",
pages =        "215--255",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Jackson:2002:ALO,
author =       "Daniel Jackson",
title =        "{Alloy}: a lightweight object modelling notation",
journal =      j-TOSEM,
volume =       "11",
number =       "2",
pages =        "256--290",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Pons:2002:TAC,
author =       "Alexander P. Pons",
title =        "Temporal abstract classes and virtual temporal
specifications for real-time systems",
journal =      j-TOSEM,
volume =       "11",
number =       "3",
pages =        "291--308",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Mockus:2002:TCS,
author =       "Audris Mockus and Roy T. Fielding and James D.
Herbsleb",
title =        "Two case studies of open source software development:
{Apache} and {Mozilla}",
journal =      j-TOSEM,
volume =       "11",
number =       "3",
pages =        "309--346",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Liang:2002:EAA,
author =       "Donglin Liang and Mary Jean Harrold",
title =        "Equivalence analysis and its application in improving
the efficiency of program slicing",
journal =      j-TOSEM,
volume =       "11",
number =       "3",
pages =        "347--383",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:17 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Anonymous:2002:OOJ,
author =       "Anonymous",
title =        "Obituary: {Ole-Johan Dahl, 1931--2002; Edsger Wybe
Dijkstra, 1930--2002; Kristen Nygaard, 1926--2002}",
journal =      j-TOSEM,
volume =       "11",
number =       "4",
pages =        "385--385",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Bernardo:2002:AFS,
author =       "Marco Bernardo and Paolo Ciancarini and Lorenzo
Donatiello",
title =        "Architecting families of software systems with process
algebras",
journal =      j-TOSEM,
volume =       "11",
number =       "4",
pages =        "386--426",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Hierons:2002:CTS,
author =       "R. M. Hierons",
title =        "Comparing test sets and criteria in the presence of
test hypotheses and fault domains",
journal =      j-TOSEM,
volume =       "11",
number =       "4",
pages =        "427--448",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Egyed:2002:AAC,
author =       "Alexander Egyed",
title =        "Automated abstraction of class diagrams",
journal =      j-TOSEM,
volume =       "11",
number =       "4",
pages =        "449--491",
year =         "2002",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Ghezzi:2003:E,
author =       "Carlo Ghezzi and Jeffrey N. Magee and Dieter Rombach
and Mary Lou Soffa",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "12",
number =       "1",
pages =        "1--2",
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Felty:2003:FSA,
author =       "Amy P. Felty and Kedar S. Namjoshi",
title =        "Feature specification and automated conflict
detection",
journal =      j-TOSEM,
volume =       "12",
number =       "1",
pages =        "3--27",
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Nentwich:2003:FCC,
author =       "Christian Nentwich and Wolfgang Emmerich and Anthony
Finkelstein and Ernst Ellmer",
title =        "Flexible consistency checking",
journal =      j-TOSEM,
volume =       "12",
number =       "1",
pages =        "28--63",
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Lopes:2003:HOA,
author =       "Ant{\'o}nia Lopes and Michel Wermelinger and Jos{\'e}
title =        "Higher-order architectural connectors",
journal =      j-TOSEM,
volume =       "12",
number =       "1",
pages =        "64--104",
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Staff:2003:R,
author =       "{ACM Transactions on Software Engineering and
Methodology staff}",
title =        "Reviewers 2002",
journal =      j-TOSEM,
volume =       "12",
number =       "1",
pages =        "105--105",
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Aug 7 10:57:18 MDT 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

author =       "Alberto Coen-Porisini and Matteo Pradella and Matteo
Rossi and Dino Mandrioli",
title =        "A formal approach for designing {CORBA}-based
applications",
journal =      j-TOSEM,
volume =       "12",
number =       "2",
pages =        "107--151",
month =        apr,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Oct 31 06:06:37 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{VanDenBrand:2003:TRT,
author =       "Mark G. J. {Van Den Brand} and Paul Klint and Jurgen
J. Vinju",
title =        "Term rewriting with traversal functions",
journal =      j-TOSEM,
volume =       "12",
number =       "2",
pages =        "152--190",
month =        apr,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Oct 31 06:06:37 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Robillard:2003:SAS,
author =       "Martin P. Robillard and Gail C. Murphy",
title =        "Static analysis to support the evolution of exception
structure in object-oriented systems",
journal =      j-TOSEM,
volume =       "12",
number =       "2",
pages =        "191--221",
month =        apr,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Oct 31 06:06:37 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Durante:2003:ATE,
author =       "Luca Durante and Riccardo Sisto and Adriano
Valenzano",
title =        "Automatic testing equivalence verification of spi
calculus specifications",
journal =      j-TOSEM,
volume =       "12",
number =       "2",
pages =        "222--284",
month =        apr,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Oct 31 06:06:37 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Cohen:2003:AHQ,
author =       "Yossi Cohen and Yishai A. Feldman",
title =        "Automatic high-quality reengineering of database
programs by abstraction, transformation and
reimplementation",
journal =      j-TOSEM,
volume =       "12",
number =       "3",
pages =        "285--316",
month =        jul,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Dec 13 18:40:57 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Zambonelli:2003:DMS,
author =       "Franco Zambonelli and Nicholas R. Jennings and Michael
Wooldridge",
title =        "Developing multiagent systems: {The Gaia}
methodology",
journal =      j-TOSEM,
volume =       "12",
number =       "3",
pages =        "317--370",
month =        jul,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Dec 13 18:40:57 MST 2003",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Chechik:2003:MVS,
author =       "Marsha Chechik and Benet Devereux and Steve
Easterbrook and Arie Gurfinkel",
title =        "Multi-valued symbolic model-checking",
journal =      j-TOSEM,
volume =       "12",
number =       "4",
pages =        "371--408",
month =        oct,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Miller:2003:FTS,
author =       "Tim Miller and Paul Strooper",
title =        "A framework and tool support for the systematic
testing of model-based specifications",
journal =      j-TOSEM,
volume =       "12",
number =       "4",
pages =        "409--439",
month =        oct,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Ferrari:2003:MCV,
author =       "Gian-Luigi Ferrari and Stefania Gnesi and Ugo
Montanari and Marco Pistore",
title =        "A model-checking verification environment for mobile
processes",
journal =      j-TOSEM,
volume =       "12",
number =       "4",
pages =        "440--473",
month =        oct,
year =         "2003",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Zave:2004:ATT,
author =       "Pamela Zave",
title =        "Address translation in telecommunication features",
journal =      j-TOSEM,
volume =       "13",
number =       "1",
pages =        "1--36",
month =        jan,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Uchitel:2004:IES,
author =       "Sebastian Uchitel and Jeff Kramer and Jeff Magee",
title =        "Incremental elaboration of scenario-based
specifications and behavior models using implied
scenarios",
journal =      j-TOSEM,
volume =       "13",
number =       "1",
pages =        "37--85",
month =        jan,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Venkatasubramanian:2004:FMR,
author =       "Nalini Venkatasubramanian and Carolyn Talcott and Gul
A. Agha",
{QoS}-enabled middleware",
journal =      j-TOSEM,
volume =       "13",
number =       "1",
pages =        "86--147",
month =        jan,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Akgul:2004:AIL,
author =       "Tankut Akgul and Vincent J. {Mooney III}",
title =        "Assembly instruction level reverse execution for
debugging",
journal =      j-TOSEM,
volume =       "13",
number =       "2",
pages =        "149--198",
month =        apr,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Orso:2004:CDD,
author =       "Alessandro Orso and Saurabh Sinha and Mary Jean
Harrold",
title =        "Classifying data dependences in the presence of
pointers for program comprehension, testing, and
debugging",
journal =      j-TOSEM,
volume =       "13",
number =       "2",
pages =        "199--239",
month =        apr,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Roshandel:2004:MSM,
author =       "Roshanak Roshandel and Andr{\'e} {Van Der Hoek} and
title =        "{Mae}---a system model and environment for managing
architectural evolution",
journal =      j-TOSEM,
volume =       "13",
number =       "2",
pages =        "240--276",
month =        apr,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Rothermel:2004:TSC,
author =       "Gregg Rothermel and Sebastian Elbaum and Alexey G.
Malishevsky and Praveen Kallakuri and Xuemei Qiu",
title =        "On test suite composition and cost-effective
regression testing",
journal =      j-TOSEM,
volume =       "13",
number =       "3",
pages =        "277--331",
month =        jul,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Kramer:2004:CCM,
author =       "Stefan Kramer and Hermann Kaindl",
title =        "Coupling and cohesion metrics for knowledge-based
systems using frames and rules",
journal =      j-TOSEM,
volume =       "13",
number =       "3",
pages =        "332--358",
month =        jul,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Nov 4 07:55:52 MST 2004",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Dwyer:2004:FAV,
author =       "Matthew B. Dwyer and Lori A. Clarke and Jamieson M.
Cobleigh and Gleb Naumovich",
title =        "Flow analysis for verifying properties of concurrent
software systems",
journal =      j-TOSEM,
volume =       "13",
number =       "4",
pages =        "359--430",
month =        oct,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Apr 14 10:42:21 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Costagliola:2004:FMI,
author =       "Gennaro Costagliola and Vincenzo Deufemia and Giuseppe
Polese",
title =        "A framework for modeling and implementing visual
notations with applications to software engineering",
journal =      j-TOSEM,
volume =       "13",
number =       "4",
pages =        "431--487",
month =        oct,
year =         "2004",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Apr 14 10:42:21 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Milanova:2005:POS,
author =       "Ana Milanova and Atanas Rountev and Barbara G.
Ryder",
title =        "Parameterized object sensitivity for points-to
analysis for {Java}",
journal =      j-TOSEM,
volume =       "14",
number =       "1",
pages =        "1--41",
month =        jan,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Apr 14 10:42:22 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Baresi:2005:FID,
author =       "Luciano Baresi and Mauro Pezz{\e}",
title =        "Formal interpreters for diagram notations",
journal =      j-TOSEM,
volume =       "14",
number =       "1",
pages =        "42--84",
month =        jan,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Apr 14 10:42:22 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Sommerville:2005:ESI,
author =       "Ian Sommerville and Jane Ransom",
title =        "An empirical study of industrial requirements
engineering process assessment and improvement",
journal =      j-TOSEM,
volume =       "14",
number =       "1",
pages =        "85--117",
month =        jan,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Thu Apr 14 10:42:22 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Ghezzi:2005:E,
author =       "Carlo Ghezzi",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "14",
number =       "2",
pages =        "119--123",
month =        apr,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon May 2 11:17:01 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Berstel:2005:SFM,
author =       "Jean Berstel and Stefano Crespi Reghizzi and Gilles
Roussel and Pierluigi San Pietro",
title =        "A scalable formal method for design and automatic
checking of user interfaces",
journal =      j-TOSEM,
volume =       "14",
number =       "2",
pages =        "124--167",
month =        apr,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon May 2 11:17:01 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Erwig:2005:SRS,
author =       "Martin Erwig and Zhe Fu",
title =        "Software reuse for scientific computing through
program generation",
journal =      j-TOSEM,
volume =       "14",
number =       "2",
pages =        "168--198",
month =        apr,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon May 2 11:17:01 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

author =       "Eric M. Dashofy and Andr{\'e} van der Hoek and Richard
N. Taylor",
title =        "A comprehensive approach for the development of
modular software architecture description languages",
journal =      j-TOSEM,
volume =       "14",
number =       "2",
pages =        "199--245",
month =        apr,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon May 2 11:17:01 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Staff:2005:AR,
author =       "{ACM Transactions on Software Engineering and
Methodology staff}",
title =        "Acknowledgement of referees 2004",
journal =      j-TOSEM,
volume =       "14",
number =       "2",
pages =        "246--246",
month =        apr,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon May 2 11:17:01 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Lau:2005:EFC,
author =       "Man F. Lau and Yuen T. Yu",
title =        "An extended fault class hierarchy for
specification-based testing",
journal =      j-TOSEM,
volume =       "14",
number =       "3",
pages =        "247--276",
month =        jul,
year =         "2005",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1072997.1072998",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Jul 23 15:50:12 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Gervasi:2005:RAI,
author =       "Vincenzo Gervasi and Didar Zowghi",
title =        "Reasoning about inconsistencies in natural language
requirements",
journal =      j-TOSEM,
volume =       "14",
number =       "3",
pages =        "277--330",
month =        jul,
year =         "2005",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1072997.1072999",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Jul 23 15:50:12 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Klint:2005:TED,
author =       "Paul Klint and Ralf L{\"a}mmel and Chris Verhoef",
title =        "Toward an engineering discipline for grammarware",
journal =      j-TOSEM,
volume =       "14",
number =       "3",
pages =        "331--380",
month =        jul,
year =         "2005",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1072997.1073000",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Jul 23 15:50:12 MDT 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Osterweil:2005:E,
author =       "Leon Osterweil and Carlo Ghezzi and Jeff Kramer and
Alexander Wolf",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "14",
number =       "4",
pages =        "381--382",
month =        oct,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Nov 25 05:58:01 MST 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Estublier:2005:ISE,
author =       "Jacky Estublier and David Leblang and Andr{\'e} van
der Hoek and Reidar Conradi and Geoffrey Clemm and
Walter Tichy and Darcy Wiborg-Weber",
title =        "Impact of software engineering research on the
practice of software configuration management",
journal =      j-TOSEM,
volume =       "14",
number =       "4",
pages =        "383--430",
month =        oct,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Nov 25 05:58:01 MST 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Ryder:2005:ISE,
author =       "Barbara G. Ryder and Mary Lou Soffa and Margaret
Burnett",
title =        "The impact of software engineering research on modern
programming languages",
journal =      j-TOSEM,
volume =       "14",
number =       "4",
pages =        "431--477",
month =        oct,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Nov 25 05:58:01 MST 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Frias:2005:RAS,
author =       "Marcelo F. Frias and Carlos G. L{\'o}pez Pombo and
Gabriel A. Baum and Nazareno M. Aguirre and Thomas
S. E. Maibaum",
title =        "Reasoning about static and dynamic properties in
alloy: a purely relational approach",
journal =      j-TOSEM,
volume =       "14",
number =       "4",
pages =        "478--526",
month =        oct,
year =         "2005",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Nov 25 05:58:01 MST 2005",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Eshuis:2006:SMC,
author =       "Rik Eshuis",
title =        "Symbolic model checking of {UML} activity diagrams",
journal =      j-TOSEM,
volume =       "15",
number =       "1",
pages =        "1--38",
month =        jan,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1125808.1125809",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Apr 22 06:14:53 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Basin:2006:MDS,
author =       "David Basin and J{\"u}rgen Doser and Torsten
Lodderstedt",
title =        "Model driven security: {From UML} models to access
control infrastructures",
journal =      j-TOSEM,
volume =       "15",
number =       "1",
pages =        "39--91",
month =        jan,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1125808.1125810",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri Jul 04 08:41:19 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Snook:2006:UBF,
author =       "Colin Snook and Michael Butler",
title =        "{UML-B}: {Formal} modeling and design aided by {UML}",
journal =      j-TOSEM,
volume =       "15",
number =       "1",
pages =        "92--122",
month =        jan,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1125808.1125811",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Sat Apr 22 06:14:53 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Counsell:2006:IUT,
author =       "Steve Counsell and Stephen Swift and Jason Crampton",
title =        "The interpretation and utility of three cohesion
metrics for object-oriented design",
journal =      j-TOSEM,
volume =       "15",
number =       "2",
pages =        "123--149",
month =        apr,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1131421.1131422",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri May 12 07:34:50 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Fisher:2006:IAT,
author =       "Marc {Fisher II} and Gregg Rothermel and Darren Brown
and Mingming Cao and Curtis Cook and Margaret Burnett",
title =        "Integrating automated test generation into the
journal =      j-TOSEM,
volume =       "15",
number =       "2",
pages =        "150--194",
month =        apr,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1131421.1131423",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri May 12 07:34:50 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Zhao:2006:STS,
author =       "Wei Zhao and Lu Zhang and Yin Liu and Jiasu Sun and
Fuqing Yang",
title =        "{SNIAFL}: {Towards} a static noninteractive approach
to feature location",
journal =      j-TOSEM,
volume =       "15",
number =       "2",
pages =        "195--226",
month =        apr,
year =         "2006",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1131421.1131424",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Fri May 12 07:34:50 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Hierons:2006:ACC,
author =       "R. M. Hierons",
title =        "Avoiding coincidental correctness in boundary value
analysis",
journal =      j-TOSEM,
volume =       "15",
number =       "3",
pages =        "227--241",
month =        jul,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Aug 29 05:26:07 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Sinha:2006:HMB,
author =       "Avik Sinha and Carol Smidts",
title =        "{HOTTest}: a model-based test design technique for
enhanced testing of domain-specific applications",
journal =      j-TOSEM,
volume =       "15",
number =       "3",
pages =        "242--278",
month =        jul,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Aug 29 05:26:07 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Murphy:2006:LCM,
author =       "Amy L. Murphy and Gian Pietro Picco and Gruia-Catalin
Roman",
title =        "{LIME}: a coordination model and middleware
supporting mobility of hosts and agents",
journal =      j-TOSEM,
volume =       "15",
number =       "3",
pages =        "279--328",
month =        jul,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Aug 29 05:26:07 MDT 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Thiran:2006:WBE,
author =       "Philippe Thiran and Jean-Luc Hainaut and Geert-Jan
Houben and Djamal Benslimane",
title =        "Wrapper-based evolution of legacy information
systems",
journal =      j-TOSEM,
volume =       "15",
number =       "4",
pages =        "329--359",
month =        oct,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Nov 15 06:42:33 MST 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Brambilla:2006:PMW,
author =       "Marco Brambilla and Stefano Ceri and Piero Fraternali
and Ioana Manolescu",
title =        "Process modeling in {Web} applications",
journal =      j-TOSEM,
volume =       "15",
number =       "4",
pages =        "360--409",
month =        oct,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Nov 15 06:42:33 MST 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Snelting:2006:EPC,
author =       "Gregor Snelting and Torsten Robschink and Jens
Krinke",
title =        "Efficient path conditions in dependence graphs for
software safety analysis",
journal =      j-TOSEM,
volume =       "15",
number =       "4",
pages =        "410--457",
month =        oct,
year =         "2006",
CODEN =        "ATSMER",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Nov 15 06:42:33 MST 2006",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Notkin:2007:Ea,
author =       "David Notkin",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "16",
number =       "1",
pages =        "1:1--1:??",
month =        feb,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1189748.1189749",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:11:50 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "1",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Ghezzi:2007:E,
author =       "Carlo Ghezzi",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "16",
number =       "1",
pages =        "2:1--2:??",
month =        feb,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1189748.1189750",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:11:50 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "2",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Robillard:2007:RCS,
author =       "Martin P. Robillard and Gail C. Murphy",
title =        "Representing concerns in source code",
journal =      j-TOSEM,
volume =       "16",
number =       "1",
pages =        "3:1--3:??",
month =        feb,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1189748.1189751",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:11:50 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
concerns. A concern is anything a stakeholder may want
to consider as a conceptual unit, including features,
nonfunctional requirements, and design idioms. In many
cases, the source code implementing a concern is not
encapsulated in a single programming language module,
and is instead scattered and tangled throughout a
system. Inadequate separation of concerns increases the
difficulty of evolving software in a correct and
cost-effective manner. To make it easier to modify
concerns that are not well modularized, we propose an
approach in which the implementation of concerns is
documented in artifacts, called concern graphs. Concern
graphs are abstract models that describe which parts of
the source code are relevant to different concerns. We
present a formal model for concern graphs and the tool
support we developed to enable software developers to
create and use concern graphs during software evolution
tasks. We report on five empirical studies, providing
evidence that concern graphs support views and
operations that facilitate the task of modifying the
code implementing scattered concerns, are
cost-effective to create and use, and robust enough to
be used with different versions of a software system.",
acknowledgement = ack-nhfb,
articleno =    "3",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "aspect-oriented software development; concern
modeling; Java; Separation of concerns; software
evolution",
}

@Article{Xie:2007:DCA,
author =       "Qing Xie and Atif M. Memon",
title =        "Designing and comparing automated test oracles for
{GUI}-based software applications",
journal =      j-TOSEM,
volume =       "16",
number =       "1",
pages =        "4:1--4:??",
month =        feb,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1189748.1189752",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:11:50 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Test designers widely believe that the overall
effectiveness and cost of software testing depends
largely on the type and number of test cases executed
oracle, a mechanism that determines whether a software
is executed correctly for a test case, also
significantly impacts the fault detection effectiveness
and cost of a test case. Graphical user interfaces
(GUIs), which have become ubiquitous for interacting
with today's software, have created new challenges for
test oracle development. Test designers manually
assert'' the expected values of specific properties
of certain GUI widgets in each test case; during test
execution, these assertions are used as test oracles to
determine whether the GUI executed correctly. Since a
test case for a GUI is a sequence of events, a test
designer must decide: (1) what to assert; and (2) how
frequently to check an assertion, for example, after
each event in the test case or after the entire test
case has completed execution. Variations of these two
factors significantly impact the fault-detection
ability and cost of a GUI test case. A technique to
declaratively specify different types of automated GUI
test oracles is described. Six instances of test
oracles are developed and compared in an experiment on
four software systems. The results show that test
oracles do affect the fault detection ability of test
cases in different and interesting ways: (1) Test cases
significantly lose their fault detection ability when
using weak'' test oracles; (2) in many cases,
invoking a thorough'' oracle at the end of test case
execution yields the best cost-benefit ratio; (3)
certain test cases detect faults only if the oracle is
invoked during a small window of opportunity'' during
test execution; and (4) using thorough and
frequently-executing test oracles can compensate for
not having long test cases.",
acknowledgement = ack-nhfb,
articleno =    "4",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "graphical user interfaces; GUI state; GUI testing;
Test oracles; user interfaces; widgets",
}

@Article{Broy:2007:FMS,
author =       "Manfred Broy and Ingolf H. Kr{\"u}ger and Michael
Meisinger",
title =        "A formal model of services",
journal =      j-TOSEM,
volume =       "16",
number =       "1",
pages =        "5:1--5:??",
month =        feb,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1189748.1189753",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:11:50 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Service-oriented software systems rapidly gain
importance across application domains: They emphasize
functionality (services), rather structural entities
(components), as the basic building block for system
composition. More specifically, services coordinate the
interplay of components to accomplish specific tasks.
orientation: Based on the Focus theory of distributed
systems (see Broy and St{\o}len [2001]), we introduce a
theory and formal model of services. In Focus, systems
are composed of interacting components. A component is
a total behavior. We introduce a formal model of
services where, in contrast, a service is a partial
behavior. For services and components, we work out
foundational specification techniques and outline
methodological development steps. We show how services
can be structured and how software architectures can be
composed of services and components. Although our
emphasis is on a theoretical foundation of the notion
of services, we demonstrate utility of the concepts we
introduce by means of a running example from the
automotive domain.",
acknowledgement = ack-nhfb,
articleno =    "5",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "assumption/commitment specifications; Components;
service engineering; services; software architecture",
}

@Article{Notkin:2007:Eb,
author =       "David Notkin",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "16",
number =       "2",
pages =        "6:1--6:??",
month =        apr,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1217295.1237801",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "6",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Krishnamurthi:2007:FIA,
author =       "Shriram Krishnamurthi and Kathi Fisler",
title =        "Foundations of incremental aspect model-checking",
journal =      j-TOSEM,
volume =       "16",
number =       "2",
pages =        "7:1--7:??",
month =        apr,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1217295.1217296",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Programs are increasingly organized around features,
which are encapsulated using aspects and other
linguistic mechanisms. Despite their growing popularity
amongst developers, there is a dearth of techniques for
computer-aided verification of programs that employ
these mechanisms. We present the theoretical
underpinnings for applying model checking to programs
(expressed as state machines) written using these
mechanisms. The analysis is incremental, examining only
components that change rather than verifying the entire
system every time one part of it changes. Our technique
assumes that the set of pointcut designators is known
statically, but the actual advice can vary. It handles
both static and dynamic pointcut designators. We
present the algorithm, prove it sound, and address
several subtleties that arise, including cascading
advice application and problems of circular
reasoning.",
acknowledgement = ack-nhfb,
articleno =    "7",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "aspect-oriented programming; feature-oriented
software; Incremental verification; model checking;
modular verification",
}

@Article{Binkley:2007:ESS,
author =       "David Binkley and Nicolas Gold and Mark Harman",
title =        "An empirical study of static program slice size",
journal =      j-TOSEM,
volume =       "16",
number =       "2",
pages =        "8:1--8:??",
month =        apr,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1217295.1217297",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
slices from 43 programs, ranging up to 136,000 lines of
code in size. The study investigates the effect of five
aspects that affect slice size. Three slicing
algorithms are used to study two algorithmic aspects:
calling-context treatment and slice granularity. The
remaining three aspects affect the upstream
dependencies considered by the slicer. These include
collapsing structure fields, removal of dead code, and
the influence of points-to analysis.\par

The results show that for the most precise slicer, the
average slice contains just under one-third of the
program. Furthermore, ignoring calling context causes a
50\% increase in slice size, and while (coarse-grained)
function-level slices are 33\% larger than
corresponding statement-level slices, they may be
useful predictors of the (finer-grained)
statement-level slice size. Finally, upstream analyses
have an order of magnitude less influence on slice
size.",
acknowledgement = ack-nhfb,
articleno =    "8",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Program slicing; slice size",
}

@Article{Gamatie:2007:PDE,
author =       "Abdoulaye Gamati{\'e} and Thierry Gautier and Paul {Le
Guernic} and Jean-Pierre Talpin",
title =        "Polychronous design of embedded real-time
applications",
journal =      j-TOSEM,
volume =       "16",
number =       "2",
pages =        "9:1--9:??",
month =        apr,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1217295.1217298",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Embedded real-time systems consist of hardware and
software that controls the behavior of a device or
plant. They are ubiquitous in today's technological
landscape and found in domains such as
telecommunications, nuclear power, avionics, and
medical technology. These systems are difficult to
design and build because they must satisfy both
functional and timing requirements to work correctly in
their intended environment. Furthermore, embedded
systems are often critical systems, where failure can
lead to loss of life, loss of mission, or serious
financial consequences. Because of the difficulty in
creating these systems and the consequences of failure,
they require rigorous and reliable design approaches.
The synchronous approach is one possible answer to this
demand. Its mathematical basis provides formal concepts
that favor the trusted design of embedded real-time
systems. The multiclock or polychronous model stands
out from other synchronous specification models by its
capability to enable the design of systems where each
component holds its own activation clock as well as
single-clocked systems in a uniform way. A great
advantage is its convenience for component-based design
approaches that enable modular development of
increasingly complex modern systems. The expressiveness
of its underlying semantics allows dealing with several
insights gained during recent years from the design of
real-time applications within the polychronous
framework. In particular, it shows promising results
about the design of applications from the avionics
domain.",
acknowledgement = ack-nhfb,
articleno =    "9",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Avionics; IMA; Signal; Synchronous approach",
}

@Article{Kapoor:2007:TCF,
author =       "Kalpesh Kapoor and Jonathan P. Bowen",
title =        "Test conditions for fault classes in {Boolean}
specifications",
journal =      j-TOSEM,
volume =       "16",
number =       "3",
pages =        "10:1--10:??",
month =        jul,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1243987.1243988",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:41 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Fault-based testing of software checks the software
implementation for a set of faults. Two previous papers
on fault-based testing [Kuhn 1999; Tsuchiya and Kikuno
2002] represent the required behavior of the software
as a Boolean specification represented in Disjunctive
Normal Form (DNF) and then show that faults may be
results by identifying necessary and sufficient
conditions for fault-based testing. Unlike previous
solutions, the formal analysis used to derive these
conditions imposes no restrictions (such as DNF) on the
form of the Boolean specification.",
acknowledgement = ack-nhfb,
articleno =    "10",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Boolean specification; fault classes; Fault-based
testing",
}

@Article{Paige:2007:MBM,
author =       "Richard F. Paige and Phillip J. Brooke and Jonathan S.
Ostroff",
title =        "Metamodel-based model conformance and multiview
consistency checking",
journal =      j-TOSEM,
volume =       "16",
number =       "3",
pages =        "11:1--11:??",
month =        jul,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1243987.1243989",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:41 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Model-driven development, using languages such as UML
and BON, often makes use of multiple diagrams (e.g.,
class and sequence diagrams) when modeling systems.
These diagrams, presenting different views of a system
of interest, may be inconsistent. A metamodel provides
a unifying framework in which to ensure and check
consistency, while at the same time providing the means
to distinguish between valid and invalid models, that
is, conformance. Two formal specifications of the
metamodel for an object-oriented modeling language are
presented, and it is shown how to use these
specifications for model conformance and multiview
consistency checking. Comparisons are made in terms of
completeness and the level of automation each provide
for checking multiview consistency and model
conformance. The lessons learned from applying formal
techniques to the problems of metamodeling, model
conformance, and multiview consistency checking are
summarized.",
acknowledgement = ack-nhfb,
articleno =    "11",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "automated verification; formal methods; Metamodeling;
multiview consistency",
}

@Article{Basu:2007:MCJ,
author =       "Samik Basu and Scott A. Smolka",
title =        "Model checking the {Java} metalocking algorithm",
journal =      j-TOSEM,
volume =       "16",
number =       "3",
pages =        "12:1--12:??",
month =        jul,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1243987.1243990",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:41 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "We report on our efforts to use the XMC model checker
to model and verify the Java metalocking algorithm. XMC
[Ramakrishna et al. 1997] is a versatile and efficient
model checker for systems specified in XL, a highly
expressive value-passing language. Metalocking [Agesen
et al. 1999] is a highly-optimized technique for
ensuring mutually exclusive access by threads to object
monitor queues and, therefore; plays an essential role
Metalocking can be viewed as a two-tiered scheme. At
the upper level, the metalock level, a thread waits
until it can enqueue itself on an object's monitor
queue in a mutually exclusive manner. At the lower
level, the monitor-lock level, enqueued threads race to
specification of the metalocking algorithm is fully
parameterized, both on the number of threads M, and the
number of objects N. It also captures a sophisticated
optimization of the basic metalocking algorithm known
as extra-fast locking and unlocking of uncontended
objects. Using XMC, we show that for a variety of
values of M and N, the algorithm indeed provides mutual
exclusion and freedom from deadlock and lockout at the
metalock level. We also show that, while the
monitor-lock level of the protocol preserves mutual
exclusion and deadlock-freedom, it is not lockout-free
because the protocol's designers chose to give equal
preference to awaiting threads and newly arrived
acknowledgement = ack-nhfb,
articleno =    "12",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Java; metalocking; monitor queues; mutual exclusion;
synchronized methods; XMC",
}

@Article{DeLucia:2007:RTL,
author =       "Andrea {De Lucia} and Fausto Fasano and Rocco Oliveto
and Genoveffa Tortora",
title =        "Recovering traceability links in software artifact
management systems using information retrieval
methods",
journal =      j-TOSEM,
volume =       "16",
number =       "4",
pages =        "13:1--13:??",
month =        sep,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1276933.1276934",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:55 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "The main drawback of existing software artifact
management systems is the lack of automatic or
maintenance. We have improved an artifact management
system with a traceability recovery tool based on
Latent Semantic Indexing (LSI), an information
retrieval technique. We have assessed LSI to identify
strengths and limitations of using information
retrieval techniques for traceability recovery and
devised the need for an incremental approach. The
method and the tool have been evaluated during the
development of seventeen software projects involving
about 150 students. We observed that although tools
based on information retrieval provide a useful support
for the identification of traceability links during
software development, they are still far to support a
complete semi-automatic recovery of all links. The
results of our experience have also shown that such
tools can help to identify quality problems in the
textual description of traced artifacts.",
acknowledgement = ack-nhfb,
articleno =    "13",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "impact analysis; latent semantic indexing; Software
artifact management; traceability management",
}

@Article{Wassermann:2007:SCD,
author =       "Gary Wassermann and Carl Gould and Zhendong Su and
Premkumar Devanbu",
title =        "Static checking of dynamically generated queries in
database applications",
journal =      j-TOSEM,
volume =       "16",
number =       "4",
pages =        "14:1--14:??",
month =        sep,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1276933.1276935",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:55 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Many data-intensive applications dynamically construct
queries in response to client requests and execute
them. Java servlets, for example, can create strings
that represent SQL queries and then send the queries,
using JDBC, to a database server for execution. The
servlet programmer enjoys static checking via Java's
strong type system. However, the Java type system does
little to check for possible errors in the dynamically
generated SQL query strings. Thus, a type error in a
generated selection query (e.g., comparing a string
attribute with an integer) can result in an SQL runtime
exception. Currently, such defects must be rooted out
through careful testing, or (worse) might be found by
sound, static program analysis technique to verify that
dynamically generated query strings do not contain type
errors. We describe our analysis technique and provide
soundness results for our static analysis algorithm. We
also describe the details of a prototype tool based on
the algorithm and present several illustrative defects
found in senior software-engineering student-team
projects, online tutorial examples, and a real-world
purchase order system written by one of the authors.",
acknowledgement = ack-nhfb,
articleno =    "14",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "context-free language reachability; database queries;
JDBC; Static checking",
}

@Article{Baresi:2007:TES,
author =       "Luciano Baresi and Sandro Morasca",
title =        "Three empirical studies on estimating the design
effort of {Web} applications",
journal =      j-TOSEM,
volume =       "16",
number =       "4",
pages =        "15:1--15:??",
month =        sep,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1276933.1276936",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:12:55 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Our research focuses on the effort needed for
designing modern Web applications. The design effort is
an important part of the total development effort,
since the implementation can be partially automated by
tools.\par

We carried out three empirical studies with students of
advanced university classes enrolled in engineering and
communication sciences curricula. The empirical studies
are based on the use of W2000, a special-purpose design
notation for the design of Web applications, but the
hypotheses and results may apply to a wider class of
modeling notations (e.g., OOHDM, WebML, or UWE). We
started by investigating the relative importance of
each design activity. We then assessed the accuracy of
a priori design effort predictions and the influence of
a few process-related factors on the effort needed for
each design activity. We also analyzed the impact of
attributes like the size and complexity of W2000 design
artifacts on the total effort needed to design the user
experience of web applications. In addition, we carried
out a finer-grain analysis, by studying which of these
attributes impact the effort devoted to the steps of
the design phase that are followed when using W2000.",
acknowledgement = ack-nhfb,
articleno =    "15",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "effort estimation; empirical study; W2000; Web
application design",
}

@Article{Notkin:2007:Ec,
author =       "David Notkin",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "17",
number =       "1",
pages =        "1:1--1:2",
month =        dec,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1314493.1314494",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:04 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Meyers:2007:ESS,
author =       "Timothy M. Meyers and David Binkley",
title =        "An empirical study of slice-based cohesion and
coupling metrics",
journal =      j-TOSEM,
volume =       "17",
number =       "1",
pages =        "2:1--2:27",
month =        dec,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1314493.1314495",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:04 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Software reengineering is a costly endeavor, due in
part to the ambiguity of where to focus reengineering
effort. Coupling and Cohesion metrics, particularly
quantitative cohesion metrics, have the potential to
aid in this identification and to measure progress. The
most extensive work on such metrics is with slice-based
cohesion metrics. While their use of semantic
dependence information should make them an excellent
choice for cohesion measurement, their wide spread use
has been impeded in part by a lack of empirical
study.\par

Recent advances in software tools make, for the first
time, a large-scale empirical study of slice-based
cohesion and coupling metrics possible. Four results
from such a study are presented. First,
head-to-head'' qualitative and quantitative
comparisons of the metrics identify which metrics
provide similar views of a program and which provide
unique views of a program. This study includes
statistical analysis showing that slice-based metrics
are not proxies for simple size-based metrics such as
lines of code. Second, two longitudinal studies show
that slice-based metrics quantify the deterioration of
a program as it ages. This serves to validate the
metrics: the metrics quantify the degradation that
exists during development; turning this around, the
metrics can be used to measure the progress of a
reengineering effort. Third, baseline values for
slice-based metrics are provided. These values act as
targets for reengineering efforts with modules having
values outside the expected range being the most in
need of attention. Finally, slice-based coupling is
correlated and compared with slice-based cohesion.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "cohesion; coupling; reengineering; Slicing; software
intervention",
}

@Article{Marin:2007:ICC,
author =       "Marius Marin and Arie {Van Deursen} and Leon Moonen",
title =        "Identifying {Crosscutting Concerns Using Fan-In
Analysis}",
journal =      j-TOSEM,
volume =       "17",
number =       "1",
pages =        "3:1--3:37",
month =        dec,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1314493.1314496",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:04 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Aspect mining is a reverse engineering process that
aims at finding crosscutting concerns in existing
approach based on determining methods that are called
from many different places, and hence have a high
fan-in, which can be seen as a symptom of crosscutting
functionality. The approach is semiautomatic, and
consists of three steps: metric calculation, method
filtering, and call site analysis. Carrying out these
steps is an interactive process supported by an Eclipse
plug-in called FINT. Fan-in analysis has been applied
to three open source Java systems, totaling around
200,000 lines of code. The most interesting concerns
identified are discussed in detail, which includes
several concerns not previously discussed in the
aspect-oriented literature. The results show that a
significant number of crosscutting concerns can be
recognized using fan-in analysis, and each of the three
steps can be supported by tools.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Aspect-oriented programming; crosscutting concerns;
fan-in metric; reverse engineering",
}

author =       "Marcelo F. Frias and Carlos G. Lopez Pombo and Juan P.
Galeotti and Nazareno M. Aguirre",
title =        "Efficient {Analysis} of {DynAlloy Specifications}",
journal =      j-TOSEM,
volume =       "17",
number =       "1",
pages =        "4:1--4:34",
month =        dec,
year =         "2007",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1314493.1314497",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:04 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "DynAlloy is an extension of Alloy to support the
definition of actions and the specification of
we show how we can extend the Alloy tool so that
DynAlloy specifications can be automatically analyzed
in an efficient way. We also demonstrate that
DynAlloy's semantics allows for a sound technique that
we call program atomization, which improves the
analyzability of properties regarding execution traces
by considering certain programs as atomic steps in a
trace.\par

We present the foundations, case studies, and empirical
results indicating that the analysis of DynAlloy
specifications can be performed efficiently.",
acknowledgement = ack-nhfb,
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Alloy; dynamic logic; software specification; software
validation",
}

@Article{Notkin:2008:Ea,
author =       "David Notkin",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "5:1--5:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348251",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "5",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Notkin:2008:ISS,
author =       "David Notkin and Mauro Pezz{\e}",
title =        "Introduction to the special section from the {ACM}
international symposium on software testing and
analysis {(ISSTA 2006)}",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "6:1--6:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348252",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "6",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Cobleigh:2008:BHD,
author =       "Jamieson M. Cobleigh and George S. Avrunin and Lori A.
Clarke",
title =        "Breaking up is hard to do: an evaluation of
automated assume-guarantee reasoning",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "7:1--7:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348253",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Finite-state verification techniques are often
hampered by the state-explosion problem. One proposed
approach for addressing this problem is
assume-guarantee reasoning, where a system under
analysis is partitioned into subsystems and these
subsystems are analyzed individually. By composing the
results of these analyses, it can be determined whether
or not the system satisfies a property. Because each
subsystem is smaller than the whole system, analyzing
each subsystem individually may reduce the overall cost
of verification. Often the behavior of a subsystem is
dependent on the subsystems with which it interacts,
and thus it is usually necessary to provide assumptions
about the environment in which a subsystem executes.
Because developing assumptions has been a difficult
manual task, the evaluation of assume-guarantee
reasoning has been limited. Using recent advances for
automatically generating assumptions, we undertook a
study to determine if assume-guarantee reasoning
provides an advantage over monolithic verification. In
this study, we considered all two-way decompositions
for a set of systems and properties, using two
different verifiers, FLAVERS and LTSA. By increasing
the number of repeated tasks in these systems, we
evaluated the decompositions as they were scaled. We
found that in only a few cases can assume-guarantee
reasoning verify properties on larger systems than
monolithic verification can, and in these cases the
systems that can be analyzed are only a few sizes
larger. Although these results are discouraging, they
provide insight about research directions that should
be pursued and highlight the importance of experimental
evaluation in this area.",
acknowledgement = ack-nhfb,
articleno =    "7",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Assume-guarantee reasoning",
}

@Article{Csallner:2008:DCH,
author =       "Christoph Csallner and Yannis Smaragdakis and Tao
Xie",
title =        "{DSD-Crasher}: a hybrid analysis tool for bug
finding",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "8:1--8:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348254",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "DSD-Crasher is a bug finding tool that follows a
three-step approach to program analysis:\par

D. Capture the program's intended execution behavior
with dynamic invariant detection. The derived
invariants exclude many unwanted values from the
program's input domain.\par

S. Statically analyze the program within the restricted
input domain to explore many paths.\par

D. Automatically generate test cases that focus on
reproducing the predictions of the static analysis.
Thereby confirmed results are feasible.\par

This three-step approach yields benefits compared to
past two-step combinations in the literature. In our
evaluation with third-party applications, we
demonstrate higher precision over tools that lack a
dynamic step and higher efficiency over tools that lack
a static step.",
acknowledgement = ack-nhfb,
articleno =    "8",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Automatic testing; bug finding; dynamic analysis;
dynamic invariant detection; extended static checking;
false positives; static analysis; test case generation;
usability",
}

@Article{Fink:2008:ETV,
author =       "Stephen J. Fink and Eran Yahav and Nurit Dor and G.
Ramalingam and Emmanuel Geay",
title =        "Effective typestate verification in the presence of
aliasing",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "9:1--9:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348255",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
typestate verification, with acceptable precision, for
real-world Java programs. We present a novel framework
for verification of typestate properties, including
several new techniques to precisely treat aliases
without undue performance costs. In particular, we
present a flow-sensitive, context-sensitive, integrated
verifier that utilizes a parametric abstract domain
combining typestate and aliasing information. To scale
to real programs without compromising precision, we
present a staged verification system in which faster
verifiers run as early stages which reduce the workload
for later, more precise, stages.\par

We have evaluated our framework on a number of real
Java programs, checking correct API usage for various
Java standard libraries. The results show that our
approach scales to hundreds of thousands of lines of
code, and verifies correctness for 93\% of the
potential points of failure.",
acknowledgement = ack-nhfb,
articleno =    "9",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "Alias analysis; program verification; typestate",
}

@Article{Siegel:2008:CSE,
author =       "Stephen F. Siegel and Anastasia Mironova and George S.
Avrunin and Lori A. Clarke",
title =        "Combining symbolic execution with model checking to
verify parallel numerical programs",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "10:1--10:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348256",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "We present a method to verify the correctness of
parallel programs that perform complex numerical
computations, including computations involving
floating-point arithmetic. This method requires that a
sequential version of the program be provided, to serve
as the specification for the parallel one. The key idea
is to use model checking, together with symbolic
execution, to establish the equivalence of the two
programs. In this approach the path condition from
symbolic execution of the sequential program is used to
constrain the search through the parallel program. To
handle floating-point operations, three different types
of equivalence are supported. Several examples are
presented, demonstrating the approach and actual errors
that were found. Limitations and directions for future
research are also described.",
acknowledgement = ack-nhfb,
articleno =    "10",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "concurrency; Finite-state verification;
floating-point; high performance computing; Message
Passing Interface; model checking; MPI; numerical
program; parallel programming; Spin; symbolic
execution",
}

@Article{Tiwana:2008:ICD,
author =       "Amrit Tiwana",
title =        "Impact of classes of development coordination tools on
software development performance: a multinational
empirical study",
journal =      j-TOSEM,
volume =       "17",
number =       "2",
pages =        "11:1--11:??",
month =        apr,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1348250.1348257",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Mon Jun 16 11:13:13 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Although a diverse variety of software development
coordination tools are widely used in practice,
considerable debate surrounds their impact on software
development performance. No large-scale field research
has systematically examined their impact on software
development performance. This paper reports the results
of a multinational field study of software projects in
209 software development organizations to empirically
examine the influence of six key classes of development
coordination tools on the efficiency (reduction of
development rework, budget compliance) and
effectiveness (defect reduction) of software
development performance.\par

Based on an in-depth field study, the article
conceptualizes six holistic classes of development
coordination tools. The results provide nuanced
insights---some counter to prevailing beliefs---into
the relationships between the use of various classes of
development coordination tools and software development
performance. The overarching finding is that the
performance benefits of development coordination tools
are contingent on the salient types of novelty in a
project. The dimension of development
performance---efficiency or effectiveness---that each
class of tools is associated with varies systematically
with whether a project involves conceptual novelty,
process novelty, multidimensional novelty (both process
and conceptual novelty), or neither. Another noteworthy
insight is that the use of some classes of tools
Collectively, the findings are among the first to offer
empirical support for the varied performance impacts of
various classes of development coordination tools and
have important implications for software development
practice. The paper also identifies several promising
areas for future research.",
acknowledgement = ack-nhfb,
articleno =    "11",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "collaborative software engineering. Software
outsourcing; coordination; development coordination
tools; development tools; efficiency effectiveness
tradeoff; empirical study; field study; knowledge
integration; knowledge management; outsourcing; project
management; regression analysis; Software development",
}

@Article{Notkin:2008:Eb,
author =       "David Notkin",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "17",
number =       "3",
pages =        "12:1--12:??",
month =        jun,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1363102.1363103",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Jun 25 08:43:45 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "12",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Mohagheghi:2008:EIS,
author =       "Parastoo Mohagheghi and Reidar Conradi",
title =        "An empirical investigation of software reuse benefits
in a large telecom product",
journal =      j-TOSEM,
volume =       "17",
number =       "3",
pages =        "13:1--13:??",
month =        jun,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1363102.1363104",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Jun 25 08:43:45 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
on the benefits of software reuse in a large telecom
product. The reused components were developed in-house
and shared in a product-family approach. {\em Methods}.
Quantitative data mined from company repositories are
combined with other quantitative data and qualitative
observations. {\em Results}. We observed significantly
lower fault density and less modified code between
successive releases of the reused components. Reuse and
standardization of software architecture and processes
allowed easier transfer of development when
organizational changes happened. {\em Conclusions}. The
study adds to the evidence of quality benefits of
large-scale reuse programs and explores organizational
motivations and outcomes.",
acknowledgement = ack-nhfb,
articleno =    "13",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "fault density; product family; risks; software reuse;
standardization",
}

@Article{Henkel:2008:DDA,
author =       "Johannes Henkel and Christoph Reichenbach and Amer
Diwan",
title =        "Developing and debugging algebraic specifications for
{Java} classes",
journal =      j-TOSEM,
volume =       "17",
number =       "3",
pages =        "14:1--14:??",
month =        jun,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1363102.1363105",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Jun 25 08:43:45 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Modern programs make extensive use of reusable
software libraries. For example, a study of a number of
large Java applications shows that between 17\% and
30\% of the classes in those applications use container
classes defined in the {\tt java.util} package. Given
this extensive code reuse in Java programs, it is
important for the interfaces of reusable classes to be
well documented. An interface is well documented if it
satisfies the following requirements: (1) the
documentation completely describes how to use the
interface; (2) the documentation is clear; (3) the
documentation is unambiguous; and (4) any deviation
between the documentation and the code is machine
detectable. Unfortunately, documentation in natural
language, which is the norm, does not satisfy the above
requirements. Formal specifications can satisfy them
but they are difficult to develop, requiring
significant effort on the part of programmers.\par

To address the practical difficulties with formal
specifications, we describe and evaluate a tool to help
programmers write and debug algebraic specifications.
Given an algebraic specification of a class, our
interpreter generates a prototype that can be used
within an application like a regular Java class. When
running an application that uses the prototype, the
interpreter prints error messages that tell the
developer in which way the specification is incomplete
or inconsistent with a hand-coded implementation of the
class. We use case studies to demonstrate the
usefulness of our system.",
acknowledgement = ack-nhfb,
articleno =    "14",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "algebraic interpretation; algebraic specifications;
specification discovery",
}

@Article{Gencel:2008:FSM,
author =       "Cigdem Gencel and Onur Demirors",
title =        "Functional size measurement revisited",
journal =      j-TOSEM,
volume =       "17",
number =       "3",
pages =        "15:1--15:??",
month =        jun,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1363102.1363106",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Jun 25 08:43:45 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "There are various approaches to software size
measurement. Among these, the metrics and methods based
on measuring the functionality attribute have become
widely used since the original method was introduced in
1979. Although functional size measurement methods have
gone a long way, they still provide challenges for
opportunities based on empirical studies we performed
on ongoing projects. We also compare our findings with
the extended dataset provided by the International
Software Benchmarking Standards Group (ISBSG).",
acknowledgement = ack-nhfb,
articleno =    "15",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "COSMIC FFP; functional size measurement; MkII FPA;
software benchmarking; software estimation",
}

@Article{Chen:2008:UBS,
author =       "Tsong Yueh Chen and Robert Merkel",
title =        "An upper bound on software testing effectiveness",
journal =      j-TOSEM,
volume =       "17",
number =       "3",
pages =        "16:1--16:??",
month =        jun,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/1363102.1363107",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Jun 25 08:43:45 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Failure patterns describe typical ways in which inputs
revealing program failure are distributed across the
input domain --- in many cases, clustered together in
contiguous regions. Based on these observations several
debug testing methods have been developed. We examine
the upper bound of debug testing effectiveness
improvements possible through making assumptions about
the shape, size and orientation of failure patterns. We
consider the bounds for testing strategies with respect
to minimizing the F-measure, maximizing the P-measure,
and maximizing the E-measure. Surprisingly, we find
that the empirically measured effectiveness of some
existing methods that are not based on these
assumptions is close to the theoretical upper bound of
these strategies. The assumptions made to obtain the
upper bound, and its further implications, are also
examined.",
acknowledgement = ack-nhfb,
articleno =    "16",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "adaptive random testing; failure patterns;
failure-causing inputs; random testing; software
testing; testing effectiveness metrics",
}

@Article{Jalote:2008:PRR,
author =       "Pankaj Jalote and Brendan Murphy and Vibhu Saujanya
Sharma",
title =        "Post-release reliability growth in software products",
journal =      j-TOSEM,
volume =       "17",
number =       "4",
pages =        "17:1--17:??",
month =        aug,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/13487689.13487690",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Aug 20 14:07:07 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Most software reliability growth models work under the
assumption that reliability of software grows due to
the removal of bugs that cause failures. However,
another phenomenon has often been observed --- the
failure rate of a software product following its
release decreases with time even if no bugs are
represent this phenomenon. We introduce the concept of
initial transient failure rate of the product and
assume that it decays with a factor $\alpha$ per unit
time thereby increasing the product reliability with
time. When the transient failure rate decays away, the
product displays a steady state failure rate. We
discuss how the parameters in this model --- initial
transient failure rate, decay factor, and steady state
failure rate --- can be determined from the failure and
sales data of a product. We also describe how, using
the model, we can determine the product stabilization
time --- a product quality metric that describes how
long it takes a product to reach close to its stable
failure rate. We provide many examples where this model
has been applied to data from released products.",
acknowledgement = ack-nhfb,
articleno =    "17",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "post-release reliability growth; product stabilization
time",
}

@Article{Robillard:2008:TAS,
author =       "Martin P. Robillard",
title =        "Topology analysis of software dependencies",
journal =      j-TOSEM,
volume =       "17",
number =       "4",
pages =        "18:1--18:??",
month =        aug,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/13487689.13487691",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Aug 20 14:07:07 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Before performing a modification task, a developer
usually has to investigate the source code of a system
to understand how to carry out the task. Discovering
the code relevant to a change task is costly because it
is a human activity whose success depends on a large
number of unpredictable factors, such as intuition and
luck. Although studies have shown that effective
developers tend to explore a program by following
structural dependencies, no methodology is available to
guide their navigation through the thousands of
dependency paths found in a nontrivial program. We
describe a technique to automatically propose and rank
program elements that are potentially interesting to a
developer investigating source code. Our technique is
based on an analysis of the topology of structural
dependencies in a program. It takes as input a set of
program elements of interest to a developer and
produces a fuzzy set describing other elements of
potential interest. Empirical evaluation of our
technique indicates that it can help developers quickly
select program elements worthy of investigation while
avoiding less interesting ones.",
acknowledgement = ack-nhfb,
articleno =    "18",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
keywords =     "feature location; program understanding; separation of
concerns; software change; software evolution; software
}

@Article{Emmerich:2008:IRD,
author =       "Wolfgang Emmerich and Mikio Aoyama and Joe Sventek",
title =        "The impact of research on the development of
middleware technology",
journal =      j-TOSEM,
volume =       "17",
number =       "4",
pages =        "19:1--19:??",
month =        aug,
year =         "2008",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/13487689.13487692",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Wed Aug 20 14:07:07 MDT 2008",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "The middleware market represents a sizable segment of
the overall Information and Communication Technology
market. In 2005, the annual middleware license revenue
was reported by Gartner to be in the region of \8.5 billion. In this article we address the question whether research had any involvement in the creation of the technology that is being sold in this market? We attempt a scholarly discourse. We present the research method that we have applied to answer this question. We then present a brief introduction into the key middleware concepts that provide the foundation for this market. It would not be feasible to investigate any possible impact that research might have had. Instead we select a few very successful technologies that are representative for the middleware market as a whole and show the existence of impact of research results in the creation of these technologies. We investigate the origins of Web services middleware, distributed transaction processing middleware, message-oriented middleware, distributed object middleware and remote procedure call systems. For each of these technologies we are able to show ample influence of research and conclude that without the research conducted by PhD students and researchers in university computer science labs at Brown, CMU, Cambridge, Newcastle, MIT, Vrije, and University of Washington as well as research in industrial labs at APM, AT\&T Bell Labs, DEC Systems Research, HP Labs, IBM Research, and Xerox PARC we would not have middleware technology in its current form. We summarise the article by distilling lessons that can be learnt from this evidenced impact for future technology transfer undertakings.", acknowledgement = ack-nhfb, articleno = "19", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Gruschke:2008:ROF, author = "Tanja M. Gruschke and Magne J{\o}rgensen", title = "The role of outcome feedback in improving the uncertainty assessment of software development effort estimates", journal = j-TOSEM, volume = "17", number = "4", pages = "20:1--20:??", month = aug, year = "2008", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/13487689.13487693", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Aug 20 14:07:07 MDT 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Previous studies report that software developers are over-confident in the accuracy of their effort estimates. Aim: This study investigates the role of outcome feedback, that is, feedback about the discrepancy between the estimated and the actual effort, in improving the uncertainty assessments. Method: We conducted two in-depth empirical studies on uncertainty assessment learning. Study 1 included five student developers and Study 2, 10 software professionals. In each study the developers repeatedly assessed the uncertainty of their effort estimates of a programming task, solved the task, and received estimation accuracy outcome feedback. Results: We found that most, but not all, developers were initially over-confident in the accuracy of their effort estimates and remained over-confident in spite of repeated and timely outcome feedback. One important, but not sufficient, condition for improvement based on outcome feedback seems to be the use of explicitly formulated, instead of purely intuition-based, uncertainty assessment strategies.", acknowledgement = ack-nhfb, articleno = "20", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "cost estimation; effort prediction intervals; judgment-based uncertainty assessment; overconfidence; software cost estimation; software development management", } @Article{Karam:2008:ULT, author = "Marcel R. Karam and Trevor J. Smedley and Sergiu M. Dascalu", title = "Unit-level test adequacy criteria for visual dataflow languages and a testing methodology", journal = j-TOSEM, volume = "18", number = "1", pages = "1:1--1:??", month = sep, year = "2008", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Oct 6 15:14:19 MDT 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Visual dataflow languages (VDFLs), which include commercial and research systems, have had a substantial impact on end-user programming. Like any other programming languages, whether visual or textual, VDFLs often contain faults. A desire to provide programmers of these languages with some of the benefits of traditional testing methodologies has been the driving force behind our effort in this work. In this article we introduce, in the context of Prograph, a testing methodology for VDFLs based on structural test adequacy criteria and coverage. This article also reports on the results of two empirical studies. The first study was conducted to obtain meaningful information about, in particular, the effectiveness of our all-Dus criteria in detecting a reasonable percentage of faults in VDFLs. The second study was conducted to evaluate, under the same criterion, the effectiveness of our methodology in assisting users to visually localize faults by reducing their search space. Both studies were conducted using a testing system that we have implemented in Prograph's IDE.", acknowledgement = ack-nhfb, articleno = "1", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Louridas:2008:PLS, author = "Panagiotis Louridas and Diomidis Spinellis and Vasileios Vlachos", title = "Power laws in software", journal = j-TOSEM, volume = "18", number = "1", pages = "2:1--2:??", month = sep, year = "2008", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Oct 6 15:14:19 MDT 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A single statistical framework, comprising power law distributions and scale-free networks, seems to fit a wide variety of phenomena. There is evidence that power laws appear in software at the class and function level. We show that distributions with long, fat tails in software are much more pervasive than previously established, appearing at various levels of abstraction, in diverse systems and languages. The implications of this phenomenon cover various aspects of software engineering research and practice.", acknowledgement = ack-nhfb, articleno = "2", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Lhotak:2008:EBC, author = "Ond{\v{r}}ej Lhot{\'a}k and Laurie Hendren", title = "Evaluating the benefits of context-sensitive points-to analysis using a {BDD}-based implementation", journal = j-TOSEM, volume = "18", number = "1", pages = "3:1--3:??", month = sep, year = "2008", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Oct 6 15:14:19 MDT 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We present Paddle, a framework of BDD-based context-sensitive points-to and call graph analyses for Java, as well as client analyses that use their results. Paddle supports several variations of context-sensitive analyses, including call site strings and object sensitivity, and context-sensitively specializes both pointer variables and the heap abstraction. We empirically evaluate the precision of these context-sensitive analyses on significant Java programs. We find that object-sensitive analyses are more precise than comparable variations of the other approaches, and that specializing the heap abstraction improves precision more than extending the length of context strings.", acknowledgement = ack-nhfb, articleno = "3", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Memon:2008:ARE, author = "Atif M. Memon", title = "Automatically repairing event sequence-based {GUI} test suites for regression testing", journal = j-TOSEM, volume = "18", number = "2", pages = "4:1--4:??", month = nov, year = "2008", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1416563.1416564", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Nov 11 15:45:20 MST 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Although graphical user interfaces (GUIs) constitute a large part of the software being developed today and are typically created using rapid prototyping, there are no effective regression testing techniques for GUIs. The needs of GUI regression testing differ from those of traditional software. When the structure of a GUI is modified, test cases from the original GUI's suite are either reusable or unusable on the modified GUI. Because GUI test case generation is expensive, our goal is to make the unusable test cases usable, thereby helping to retain the suite's event coverage. The idea of reusing these unusable ({\em obsolete\/}) test cases has not been explored before. This article shows that a large number of test cases become unusable for GUIs. It presents a new GUI regression testing technique that first automatically determines the usable and unusable test cases from a test suite after a GUI modification, then determines the unusable test cases that can be repaired so that they can execute on the modified GUI, and finally uses {\em repairing transformations\/} to repair the test cases. This regression testing technique along with four repairing transformations has been implemented. An empirical study for four open-source applications demonstrates that (1) this approach is effective in that many of the test cases can be repaired, and is practical in terms of its time performance, (2) certain types of test cases are more prone to becoming unusable, and (3) certain types of dominator'' events, when modified, make a large number of test cases unusable.", acknowledgement = ack-nhfb, articleno = "4", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Graphical user interfaces; regression testing; repairing test cases; test case management; test maintenance", } @Article{Breaux:2008:SPP, author = "Travis D. Breaux and Annie I. Ant{\'o}n and Jon Doyle", title = "Semantic parameterization: a process for modeling domain descriptions", journal = j-TOSEM, volume = "18", number = "2", pages = "5:1--5:??", month = nov, year = "2008", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1416563.1416565", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Nov 11 15:45:20 MST 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Software engineers must systematically account for the broad scope of environmental behavior, including nonfunctional requirements, intended to coordinate the actions of stakeholders and software systems. The Inquiry Cycle Model (ICM) provides engineers with a strategy to acquire and refine these requirements by having domain experts answer six questions: who, what, where, when, how, and why. Goal-based requirements engineering has led to the formalization of requirements to answer the ICM questions about {\em when}, {\em how}, and {\em why\/} goals are achieved, maintained, or avoided. In this article, we present a systematic process called {\em Semantic Parameterization\/} for expressing natural language domain descriptions of goals as specifications in description logic. The formalization of goals in description logic allows engineers to automate inquiries using {\em who}, {\em what}, and {\em where\/} questions, completing the formalization of the ICM questions. The contributions of this approach include new theory to conceptually compare and disambiguate goal specifications that enables querying goals and organizing goals into specialization hierarchies. The artifacts in the process include a dictionary that aligns the domain lexicon with unique concepts, distinguishing between synonyms and polysemes, and several natural language patterns that aid engineers in mapping common domain descriptions to formal specifications. Semantic Parameterization has been empirically validated in three case studies on policy and regulatory descriptions that govern information systems in the finance and health-care domains.", acknowledgement = ack-nhfb, articleno = "5", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "description logic; domain knowledge; formal specification; Natural language", } @Article{Huang:2008:DSL, author = "Shan Shan Huang and David Zook and Yannis Smaragdakis", title = "Domain-specific languages and program generation with {meta-AspectJ}", journal = j-TOSEM, volume = "18", number = "2", pages = "6:1--6:??", month = nov, year = "2008", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1416563.1416566", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Nov 11 15:45:20 MST 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Meta-AspectJ (MAJ) is a language for generating AspectJ programs using code templates. MAJ itself is an extension of Java, so users can interleave arbitrary Java code with AspectJ code templates. MAJ is a structured metaprogramming tool: a well-typed generator implies a syntactically correct generated program. MAJ promotes a methodology that combines aspect-oriented and generative programming. A valuable application is in implementing small domain-specific language extensions as generators using unobtrusive annotations for syntax extension and AspectJ as a back-end. The advantages of this approach are twofold. First, the generator integrates into an existing software application much as a regular API or library, instead of as a language extension. Second, a mature language implementation is easy to achieve with little effort since AspectJ takes care of the low-level issues of interfacing with the base Java language.\par In addition to its practical value, MAJ offers valuable insights to metaprogramming tool designers. It is a mature metaprogramming tool for AspectJ (and, by extension, Java): a lot of emphasis has been placed on context-sensitive parsing and error reporting. As a result, MAJ minimizes the number of metaprogramming (quote/unquote) operators and uses type inference to reduce the need to remember type names for syntactic entities.", acknowledgement = ack-nhfb, articleno = "6", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "domain-specific languages; language extensions; Metaprogramming; program synthesis; program transformation; program verification", } @Article{Xie:2008:UPS, author = "Qing Xie and Atif M. Memon", title = "Using a pilot study to derive a {GUI} model for automated testing", journal = j-TOSEM, volume = "18", number = "2", pages = "7:1--7:??", month = nov, year = "2008", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1416563.1416567", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Nov 11 15:45:20 MST 2008", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Graphical user interfaces (GUIs) are one of the most commonly used parts of today's software. Despite their ubiquity, testing GUIs for functional correctness remains an understudied area. A typical GUI gives many degrees of freedom to an end-user, leading to an enormous {\em input event interaction space\/} that needs to be tested. GUI test designers generate and execute test cases (modeled as sequences of user {\em events\/}) to traverse its parts; targeting a subspace in order to maximize fault detection is a nontrivial task. In this vein, in previous work, we used informal GUI code examination and personal intuition to develop an {\em event-interaction graph\/} (EIG). In this article we empirically derive the EIG model via a pilot study, and the resulting EIG validates our intuition used in previous work; the empirical derivation process also allows for model evolution as our understanding of GUI faults improves. Results of the pilot study show that events interact in complex ways; a GUI's response to an event may vary depending on the {\em context\/} established by preceding events and their execution order. The EIG model helps testers to understand the nature of interactions between GUI events when executed in test cases and why certain events detect faults, so that they can better traverse the event space. New test adequacy criteria are defined for the EIG; new algorithms use these criteria and EIG to systematically generate test cases that are shown to be effective on four fielded open-source applications.", acknowledgement = ack-nhfb, articleno = "7", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Graphical user interfaces; model-based testing; test minimization; test suite management", } @Article{Notkin:2009:E, author = "David Notkin", title = "Editorial", journal = j-TOSEM, volume = "18", number = "3", pages = "8:1--8:??", month = may, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1525880.1525881", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Jun 3 16:34:58 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "8", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Bauer:2009:CER, author = "Lujo Bauer and Jay Ligatti and David Walker", title = "Composing expressive runtime security policies", journal = j-TOSEM, volume = "18", number = "3", pages = "9:1--9:??", month = may, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1525880.1525882", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Jun 3 16:34:58 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Program monitors enforce security policies by interposing themselves into the control flow of untrusted software whenever that software attempts to execute security-relevant actions. At the point of interposition, a monitor has authority to permit or deny (perhaps conditionally) the untrusted software's attempted action. Program monitors are common security enforcement mechanisms and integral parts of operating systems, virtual machines, firewalls, network auditors, and antivirus and antispyware tools.\par Unfortunately, the runtime policies we require program monitors to enforce grow more complex, both as the monitored software is given new capabilities and as policies are refined in response to attacks and user feedback. We propose dealing with policy complexity by organizing policies in such a way as to make them composable, so that complex policies can be specified more simply as compositions of smaller subpolicy modules. We present a fully implemented language and system called Polymer that allows security engineers to specify and enforce composable policies on Java applications. We formalize the central workings of Polymer by defining an unambiguous semantics for our language. Using this formalization, we state and prove an uncircumventability theorem which guarantees that monitors will intercept all security-relevant actions of untrusted software.", acknowledgement = ack-nhfb, articleno = "9", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Policy composition; policy enforcement; policy-specification language", } @Article{Hall:2009:SRT, author = "Tracy Hall and Nathan Baddoo and Sarah Beecham and Hugh Robinson and Helen Sharp", title = "A systematic review of theory use in studies investigating the motivations of software engineers", journal = j-TOSEM, volume = "18", number = "3", pages = "10:1--10:??", month = may, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1525880.1525883", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Jun 3 16:34:58 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Motivated software engineers make a critical contribution to delivering successful software systems. Understanding the motivations of software engineers and the impact of motivation on software engineering outcomes could significantly affect the industry's ability to deliver good quality software systems. Understanding the motivations of people generally in relation to their work is underpinned by eight classic motivation theories from the social sciences. We would expect these classic motivation theories to play an important role in developing a rigorous understanding of the specific motivations of software engineers. In this article we investigate how this theoretical basis has been exploited in previous studies of software engineering. We analyzed 92 studies of motivation in software engineering that were published in the literature between 1980 and 2006. Our main findings are that many studies of software engineers' motivations are not explicitly underpinned by reference to the classic motivation theories. Furthermore, the findings presented in these studies are often not explicitly interpreted in terms of those theories, despite the fact that in many cases there is a relationship between those findings and the theories. Our conclusion is that although there has been a great deal of previous work looking at motivation in software engineering, the lack of reference to classic theories of motivation means that the current body of work in the area is weakened and our understanding of motivation in software engineering is not as rigorous as it may at first appear. This weakness in the current state of knowledge highlights important areas for future researchers to contribute towards developing a rigorous and usable body of knowledge in motivating software engineers.", acknowledgement = ack-nhfb, articleno = "10", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Motivation; software engineering", } @Article{McMinn:2009:EEN, author = "Phil McMinn and David Binkley and Mark Harman", title = "Empirical evaluation of a nesting testability transformation for evolutionary testing", journal = j-TOSEM, volume = "18", number = "3", pages = "11:1--11:??", month = may, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1525880.1525884", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Jun 3 16:34:58 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Evolutionary testing is an approach to automating test data generation that uses an evolutionary algorithm to search a test object's input domain for test data. Nested predicates can cause problems for evolutionary testing, because information needed for guiding the search only becomes available as each nested conditional is satisfied. This means that the search process can overfit to early information, making it harder, and sometimes near impossible, to satisfy constraints that only become apparent later in the search. The article presents a testability transformation that allows the evaluation of all nested conditionals at once. Two empirical studies are presented. The first study shows that the form of nesting handled is prevalent in practice. The second study shows how the approach improves evolutionary test data generation.", acknowledgement = ack-nhfb, articleno = "11", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Evolutionary testing; search-based software engineering; test data generation; testability transformation", } @Article{Hamlet:2009:TES, author = "Dick Hamlet", title = "Tools and experiments supporting a testing-based theory of component composition", journal = j-TOSEM, volume = "18", number = "3", pages = "12:1--12:??", month = may, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1525880.1525885", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Jun 3 16:34:58 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Development of software using off-the-shelf components seems to offer a chance for improving product quality and developer productivity. This article reviews a foundational testing-based theory of component composition, describes tools that implement the theory, and presents experiments with functional and nonfunctional component/system properties that validate the theory and illuminate issues in component composition.\par The context for this work is an ideal form of Component-Based Software Development (CBSD) supported by tools. Component developers describe their components by measuring approximations to functional and nonfunctional behavior on a finite collection of subdomains. Systems designers describe an application-system structure by the component connections that form it. From measured component descriptions and a system structure, a CAD tool synthesizes the system properties, predicting how the system will behave. The system is not built, nor are any test executions performed. Neither the component sources nor executables are needed by systems designers. From CAD calculations a designer can learn (approximately) anything that could be learned by testing an actual system implementation. The CAD tool is often more efficient than it would be to assemble and execute an actual system.\par Using tools that support an ideal separation between component- and system development, experiments were conducted to investigate two related questions: (1) To what extent can unit (that is, component) testing replace system testing? (2) What properties of software and subdomains influence the quality of subdomain testing?", acknowledgement = ack-nhfb, articleno = "12", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "CAD tool support for CBSD; component-based software development (CBSD); Experiments with composition of software components; synthesis of system properties", } @Article{Goel:2009:IPC, author = "Ankit Goel and Abhik Roychoudhury and P. S. Thiagarajan", title = "Interacting process classes", journal = j-TOSEM, volume = "18", number = "4", pages = "13:1--13:??", month = jul, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1538942.1538943", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:32 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many reactive control systems consist of classes of active objects involving both intraclass interactions (i.e., objects belonging to the same class interacting with each other) and interclass interactions. Such reactive control systems appear in domains such as telecommunication, transportation and avionics. In this article, we propose a modeling and simulation technique for interacting process classes. Our modeling style uses standard notations to capture behavior. In particular, the control flow of a process class is captured by a labeled transition system, unit interactions between process objects are described as {\em transactions}, and the structural relations are captured via class diagrams. The key feature of our approach is that our execution semantics leads to an {\em abstract\/} simulation technique which involves (i) grouping together active objects into equivalence classes according their potential futures, and (ii) keeping track of the number of objects in an equivalence class rather than their identities. Our simulation strategy is both time and memory efficient and we demonstrate this on well-studied nontrivial examples of reactive systems. We also present a case study involving a weather-update controller from NASA to demonstrate the use of our simulator for debugging realistic designs.", acknowledgement = ack-nhfb, articleno = "13", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Abstract execution; active objects; message sequence charts; Unified Modeling Language (UML)", } @Article{Hierons:2009:VFT, author = "Robert M. Hierons", title = "Verdict functions in testing with a fault domain or test hypotheses", journal = j-TOSEM, volume = "18", number = "4", pages = "14:1--14:??", month = jul, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1538942.1538944", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:32 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In state-based testing, it is common to include verdicts within test cases, the result of the test case being the verdict reached by the test run. In addition, approaches that reason about test effectiveness or produce tests that are guaranteed to find certain classes of faults are often based on either a fault domain or a set of test hypotheses. This article considers how the presence of a fault domain or test hypotheses affects our notion of a test verdict. The analysis reveals the need for new verdicts that provide more information than the current verdicts and for verdict functions that return a verdict based on a set of test runs rather than a single test run. The concepts are illustrated in the contexts of testing from a nondeterministic finite state machine and the testing of a datatype specified using an algebraic specification language but are potentially relevant whenever fault domains or test hypotheses are used.", acknowledgement = ack-nhfb, articleno = "14", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "fault domains; test hypotheses; Test verdicts", } @Article{Mamei:2009:PPM, author = "Marco Mamei and Franco Zambonelli", title = "Programming pervasive and mobile computing applications: {The TOTA} approach", journal = j-TOSEM, volume = "18", number = "4", pages = "15:1--15:??", month = jul, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1538942.1538945", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:32 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Pervasive and mobile computing call for suitable middleware and programming models to support the activities of complex software systems in dynamic network environments. In this article we present TOTA (Tuples On The Air''), a novel middleware and programming approach for supporting adaptive context-aware activities in pervasive and mobile computing scenarios. The key idea in TOTA is to rely on spatially distributed tuples, adaptively propagated across a network on the basis of application-specific rules, for both representing contextual information and supporting uncoupled interactions between application components. TOTA promotes a simple way of programming that facilitates access to distributed information, navigation in complex environments, and the achievement of complex coordination tasks in a fully distributed and adaptive way, mostly freeing programmers and system managers from the need to take care of low-level issues related to network dynamics. This article includes both application examples to clarify concepts and performance figures to show the feasibility of the approach", acknowledgement = ack-nhfb, articleno = "15", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "coordination; middleware; mobile computing; Pervasive computing; self-adaptation; self-organization; tuple spaces", } @Article{Tilevich:2009:JOE, author = "Eli Tilevich and Yannis Smaragdakis", title = "{J-Orchestra}: {Enhancing} {Java} programs with distribution capabilities", journal = j-TOSEM, volume = "19", number = "1", pages = "1:1--1:??", month = aug, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1555392.1555394", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:39 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "J-Orchestra is a system that enhances centralized Java programs with distribution capabilities. Operating at the bytecode level, J-Orchestra transforms a centralized Java program (i.e., running on a single Java Virtual Machine (JVM)) into a distributed one (i.e., running across multiple JVMs). This transformation effectively separates distribution concerns from the core functionality of a program. J-Orchestra follows a semiautomatic transformation process. Through a GUI, the user selects program elements (at class granularity) and assigns them to network locations. Based on the user's input, the J-Orchestra backend {\em automatically partitions\/} the program through compiler-level techniques, without changes to the JVM or to the Java Runtime Environment (JRE) classes. By means of bytecode engineering and code generation, J-Orchestra substitutes method calls with remote method calls, direct object references with proxy references, etc. It also translates Java language features (e.g., static methods and fields, inheritance, inner classes, new object construction, etc.) for efficient distributed execution.\par We detail the main technical issues that J-Orchestra addresses, including its mechanism for program transformation in the presence of unmodifiable code (e.g., in JRE classes) and the translation of concurrency and synchronization constructs to work correctly over the network. We further discuss a case study of transforming a large, commercial, third-party application for efficient execution in a client server environment and outline the architectural characteristics of centralized programs that are amenable to automated distribution with J-Orchestra.", acknowledgement = ack-nhfb, articleno = "1", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "bytecode engineering; distributed computing; Java; middleware; RMI; Separation of concerns", } @Article{Ouyang:2009:BPM, author = "Chun Ouyang and Marlon Dumas and Wil M. P. {Van Der Aalst} and Arthur H. M. {Ter Hofstede} and Jan Mendling", title = "From business process models to process-oriented software systems", journal = j-TOSEM, volume = "19", number = "1", pages = "2:1--2:??", month = aug, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1555392.1555395", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:39 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Several methods for enterprise systems analysis rely on flow-oriented representations of business operations, otherwise known as business process models. The Business Process Modeling Notation (BPMN) is a standard for capturing such models. BPMN models facilitate communication between domain experts and analysts and provide input to software development projects. Meanwhile, there is an emergence of methods for enterprise software development that rely on detailed process definitions that are executed by process engines. These process definitions refine their counterpart BPMN models by introducing data manipulation, application binding, and other implementation details. The de facto standard for defining executable processes is the Business Process Execution Language (BPEL). Accordingly, a standards-based method for developing process-oriented systems is to start with BPMN models and to translate these models into BPEL definitions for subsequent refinement. However, instrumenting this method is challenging because BPMN models and BPEL definitions are structurally very different. Existing techniques for translating BPMN to BPEL only work for limited classes of BPMN models. This article proposes a translation technique that does not impose structural restrictions on the source BPMN model. At the same time, the technique emphasizes the generation of readable (block-structured) BPEL code. An empirical evaluation conducted over a large collection of process models shows that the resulting BPEL definitions are largely block-structured. Beyond its direct relevance in the context of BPMN and BPEL, the technique presented in this article addresses issues that arise when translating from graph-oriented to block-structure flow definition languages.", acknowledgement = ack-nhfb, articleno = "2", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "BPEL; BPMN; Business process modeling; Web services", } @Article{Rajan:2009:UAO, author = "Hridesh Rajan and Kevin J. Sullivan", title = "Unifying aspect- and object-oriented design", journal = j-TOSEM, volume = "19", number = "1", pages = "3:1--3:??", month = aug, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1555392.1555396", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 11 19:18:39 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The contribution of this work is the design and evaluation of a programming language model that unifies aspects and classes as they appear in AspectJ-like languages. We show that our model preserves the capabilities of AspectJ-like languages, while improving the conceptual integrity of the language model and the compositionality of modules. The improvement in conceptual integrity is manifested by the reduction of specialized constructs in favor of uniform orthogonal constructs. The enhancement in compositionality is demonstrated by better modularization of integration and higher-order crosscutting concerns.", acknowledgement = ack-nhfb, articleno = "3", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "aspect-oriented programming; binding; Classpect; Eos; first class aspect instances; instance-level advising; unified aspect language model", } @Article{Tan:2009:CDM, author = "Hee Beng Kuan Tan and Yuan Zhao and Hongyu Zhang", title = "Conceptual data model-based software size estimation for information systems", journal = j-TOSEM, volume = "19", number = "2", pages = "4:1--4:??", month = oct, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1571629.1571630", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Oct 9 20:39:35 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Size estimation plays a key role in effort estimation that has a crucial impact on software projects in the software industry. Some information required by existing software sizing methods is difficult to predict in the early stage of software development. A conceptual data model is widely used in the early stage of requirements analysis for information systems. Lines of code (LOC) is a commonly used software size measure. This article proposes a novel LOC estimation method for information systems from their conceptual data models through using a multiple linear regression model. We have validated the proposed method using samples from both the software industry and open-source systems.", acknowledgement = ack-nhfb, articleno = "4", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "conceptual data model; line of code (LOC); multiple linear regression model; Software sizing", } @Article{Masri:2009:MSI, author = "Wes Masri and Andy Podgurski", title = "Measuring the strength of information flows in programs", journal = j-TOSEM, volume = "19", number = "2", pages = "5:1--5:??", month = oct, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1571629.1571631", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Oct 9 20:39:35 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "{\em Dynamic information flow analysis\/} (DIFA) was devised to enable the flow of information among variables in an executing program to be monitored and possibly regulated. It is related to techniques like {\em dynamic slicing\/} and {\em dynamic impact analysis}. To better understand the basis for DIFA, we conducted an empirical study in which we measured the {\em strength\/} of information flows identified by DIFA, using information theoretic and correlation-based methods. The results indicate that in most cases the occurrence of a chain of dynamic program dependences between two variables does {\em not\/} indicate a measurable information flow between them. We also explored the relationship between the strength of an information flow and the {\em length\/} of the corresponding dependence chain, and we obtained results indicating that no consistent relationship exists between the length of an information flow and its strength. Finally, we investigated whether data dependence and control dependence makes equal or unequal contributions to flow strength. The results indicate that flows due to data dependences alone are stronger, on average, than flows due to control dependences alone. We present the details of our study and consider the implications of the results for applications of DIFA and related techniques.", acknowledgement = ack-nhfb, articleno = "5", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "correlation; Dynamic information flow analysis; dynamic slicing; entropy; information flow length; information flow strength; information leakage; program dependence", } @Article{Desai:2009:AMM, author = "Nirmit Desai and Amit K. Chopra and Munindar P. Singh", title = "{Amoeba}: a methodology for modeling and evolving cross-organizational business processes", journal = j-TOSEM, volume = "19", number = "2", pages = "6:1--6:??", month = oct, year = "2009", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1571629.1571632", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Oct 9 20:39:35 MDT 2009", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Business service engagements involve processes that extend across two or more autonomous organizations. Because of regulatory and competitive reasons, requirements for cross-organizational business processes often evolve in subtle ways. The changes may concern the business transactions supported by a process, the organizational structure of the parties participating in the process, or the contextual policies that apply to the process. Current business process modeling approaches handle such changes in an ad hoc manner, and lack a principled means for determining what needs to be changed and where. Cross-organizational settings exacerbate the shortcomings of traditional approaches because changes in one organization can potentially affect the workings of another.\par This article describes Amoeba, a methodology for business processes that is based on {\em business protocols}. Protocols capture the business meaning of interactions among autonomous parties via commitments. Amoeba includes guidelines for (1) specifying cross-organizational processes using business protocols, and (2) handling the evolution of requirements via a novel application of protocol composition. This article evaluates Amoeba using enhancements of a real-life business scenario of auto-insurance claim processing, and an aerospace case study.", acknowledgement = ack-nhfb, articleno = "6", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Business process modeling; business protocols; requirements evolution", } @Article{Notkin:2010:E, author = "David Notkin", title = "Editorial", journal = j-TOSEM, volume = "19", number = "3", pages = "7:1--7:??", month = jan, year = "2010", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 15 13:32:11 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "7", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Whittle:2010:SHS, author = "Jon Whittle and Praveen K. Jayaraman", title = "Synthesizing hierarchical state machines from expressive scenario descriptions", journal = j-TOSEM, volume = "19", number = "3", pages = "8:1--8:??", month = jan, year = "2010", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 15 13:32:11 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "8", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Xu:2010:PCC, author = "Chang Xu and S. C. Cheung and W. K. Chan and Chunyang Ye", title = "Partial constraint checking for context consistency in pervasive computing", journal = j-TOSEM, volume = "19", number = "3", pages = "9:1--9:??", month = jan, year = "2010", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 15 13:32:11 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "9", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Brogi:2010:DIS, author = "Antonio Brogi and Razvan Popescu and Matteo Tanca", title = "Design and implementation of {Sator}: a {Web} service aggregator", journal = j-TOSEM, volume = "19", number = "3", pages = "10:1--10:??", month = jan, year = "2010", CODEN = "ATSMER", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 15 13:32:11 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "10", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Ponge:2010:AAT, author = "Julien Ponge and Boualem Benatallah and Fabio Casati and Farouk Toumani", title = "Analysis and applications of timed service protocols", journal = j-TOSEM, volume = "19", number = "4", pages = "11:1--11:??", month = apr, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1734229.1734230", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 21 11:41:14 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Web services are increasingly gaining acceptance as a framework for facilitating application-to-application interactions within and across enterprises. It is commonly accepted that a service description should include not only the interface, but also the business protocol supported by the service. The present work focuses on the formalization of an important category of protocols that includes time-related constraints (called {\em timed protocols\/}), and the impact of time on compatibility and replaceability analysis. We formalized the following timing constraints: C-Invoke constraints define time windows within which a service operation can be invoked while M-Invoke constraints define expiration deadlines. We extended techniques for compatibility and replaceability analysis between timed protocols by using a semantic-preserving mapping between timed protocols and timed automata, leading to the identification of a novel class of timed automata, called {\em protocol timed automata\/} (PTA). PTA exhibit a particular kind of silent transition that strictly increase the expressiveness of the model, yet they are closed under complementation, making every type of compatibility or replaceability analysis decidable. Finally, we implemented our approach in the context of a larger project called ServiceMosaic, a model-driven framework for Web service life-cycle management.", acknowledgement = ack-nhfb, articleno = "11", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "compatibility and replaceability analysis; timed automata; timed business protocols; Web services", } @Article{Payton:2010:SSA, author = "Jamie Payton and Christine Julien and Gruia-Catalin Roman and Vasanth Rajamani", title = "Semantic self-assessment of query results in dynamic environments", journal = j-TOSEM, volume = "19", number = "4", pages = "12:1--12:??", month = apr, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1734229.1734231", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 21 11:41:14 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Queries are convenient abstractions for the discovery of information and services, as they offer content-based information access. In distributed settings, query semantics are well-defined, for example, queries are often designed to satisfy ACID transactional properties. When query processing is introduced in a dynamic network setting, achieving transactional semantics becomes complex due to the open and unpredictable environment. In this article, we propose a query processing model for mobile ad hoc and sensor networks that is suitable for expressing a wide range of query semantics; the semantics differ in the degree of consistency with which query results reflect the state of the environment during query execution. We introduce several distinct notions of consistency and formally express them in our model. A practical and significant contribution of this article is a protocol for query processing that automatically assesses and adaptively provides an achievable degree of consistency given the operational environment throughout its execution. The protocol attaches an assessment of the achieved guarantee to returned query results, allowing precise reasoning about a query with a range of possible semantics. We evaluate the performance of this protocol and demonstrate the benefits accrued to applications through examples drawn from an industrial application.", acknowledgement = ack-nhfb, articleno = "12", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "consistency; mobile computing; Query processing", } @Article{Chen:2010:VSI, author = "Chunqing Chen and Jin Song Dong and Jun Sun and Andrew Martin", title = "A verification system for interval-based specification languages", journal = j-TOSEM, volume = "19", number = "4", pages = "13:1--13:??", month = apr, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1734229.1734232", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 21 11:41:14 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Interval-based specification languages have been used to formally model and rigorously reason about real-time computing systems. This usually involves logical reasoning and mathematical computation with respect to continuous or discrete time. When these systems are complex, analyzing their models by hand becomes error-prone and difficult. In this article, we develop a verification system to facilitate the formal analysis of interval-based specification languages with machine-assisted proof support. The verification system is developed using a generic theorem prover, Prototype Verification System (PVS). Our system elaborately encodes a highly expressive set-based notation, Timed Interval Calculus (TIC), and can rigorously carry out the verification of TIC models at an interval level. We validated all TIC reasoning rules and discovered subtle flaws in the original rules. We also apply TIC to model Duration Calculus (DC), which is a popular interval-based specification language, and thus expand the capacity of the verification system. We can check the correctness of DC axioms, and execute DC proofs in a manner similar to the corresponding pencil-and-paper DC arguments.", acknowledgement = ack-nhfb, articleno = "13", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Formal specification languages; real-time systems; theorem proving", } @Article{Steimann:2010:TMI, author = "Friedrich Steimann and Thomas Pawlitzki and Sven Apel and Christian K{\"a}stner", title = "Types and modularity for implicit invocation with implicit announcement", journal = j-TOSEM, volume = "20", number = "1", pages = "1:1--1:??", month = jun, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1767751.1767752", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Jul 6 16:17:49 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Through implicit invocation, procedures are called without explicitly referencing them. Implicit announcement adds to this implicitness by not only keeping implicit which procedures are called, but also where or when --- under implicit invocation with implicit announcement, the call site contains no signs of that, or what it calls. Recently, aspect-oriented programming has popularized implicit invocation with implicit announcement as a possibility to separate concerns that lead to interwoven code if conventional programming techniques are used. However, as has been noted elsewhere, as currently implemented it establishes strong implicit dependencies between components, hampering independent software development and evolution. To address this problem, we present a type-based modularization of implicit invocation with implicit announcement that is inspired by how interfaces and exceptions are realized in Java. By extending an existing compiler and by rewriting several programs to make use of our proposed language constructs, we found that the imposed declaration clutter tends to be moderate; in particular, we found that, for general applications of implicit invocation with implicit announcement, fears that programs utilizing our form of modularization become unreasonably verbose are unjustified.", acknowledgement = ack-nhfb, articleno = "1", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "aspect-oriented programming; event-driven programming; Implicit invocation; modularity; publish/subscribe; typing", } @Article{Conboy:2010:MDC, author = "Kieran Conboy and Brian Fitzgerald", title = "Method and developer characteristics for effective agile method tailoring: a study of {XP} expert opinion", journal = j-TOSEM, volume = "20", number = "1", pages = "2:1--2:??", month = jun, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1767751.1767753", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Jul 6 16:17:49 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "It has long been acknowledged that software methods should be tailored if they are to achieve optimum effect. However comparatively little research has been carried out to date on this topic in general, and more notably, on agile methods in particular. This dearth of evidence in the case of agile methods is especially significant in that it is reasonable to expect that such methods would particularly lend themselves to tailoring. In this research, we present a framework based on interviews with 20 senior software development researchers and a review of the extant literature. The framework is comprised of two sets of factors --- characteristics of the method, and developer practices --- that can improve method tailoring effectiveness. Drawing on the framework, we then interviewed 16 expert XP practitioners to examine the current state and effectiveness of XP tailoring efforts, and to shed light on issues the framework identified as being important. The article concludes with a set of recommendations for research and practice that would advance our understanding of the method tailoring area.", acknowledgement = ack-nhfb, articleno = "2", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "agile method; contingency; engineering; expert opinion; Extreme programming; software development; tailoring; XP", } @Article{Duala-Ekoko:2010:CRD, author = "Ekwa Duala-Ekoko and Martin P. Robillard", title = "Clone region descriptors: {Representing} and tracking duplication in source code", journal = j-TOSEM, volume = "20", number = "1", pages = "3:1--3:??", month = jun, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1767751.1767754", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Jul 6 16:17:49 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Source code duplication, commonly known as {\em code cloning}, is considered an obstacle to software maintenance because changes to a cloned region often require consistent changes to other regions of the source code. Research has provided evidence that the elimination of clones may not always be practical, feasible, or cost-effective. We present a clone management approach that describes clone regions in a robust way that is independent from the exact text of clone regions or their location in a file, and that provides support for tracking clones in evolving software. Our technique relies on the concept of abstract {\em clone region descriptors\/} (CRDs), which describe clone regions using a combination of their syntactic, structural, and lexical information. We present our definition of CRDs, and describe a clone tracking system capable of producing CRDs from the output of different clone detection tools, notifying developers of modifications to clone regions, and supporting updates to the documented clone relationships. We evaluated the performance and usefulness of our approach across three clone detection tools and five subject systems, and the results indicate that CRDs are a practical and robust representation for tracking code clones in evolving software.", acknowledgement = ack-nhfb, articleno = "3", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "clone detection; clone management; code clones; refactoring; Source code duplication", } @Article{Ko:2010:EAW, author = "Andrew J. Ko and Brad A. Myers", title = "Extracting and answering why and why not questions about {Java} program output", journal = j-TOSEM, volume = "20", number = "2", pages = "4:1--4:??", month = aug, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1824760.1824761", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Sep 8 18:47:44 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "When software developers want to understand the reason for a program's behavior, they must translate their questions about the behavior into a series of questions about code, speculating about the causes in the process. The Whyline is a new kind of debugging tool that avoids such speculation by instead enabling developers to select a question about program output from a set of why did and why didn't'' questions extracted from the program's code and execution. The tool then finds one or more possible explanations for the output in question. These explanations are derived using a static and dynamic slicing, precise call graphs, reachability analyses, and new algorithms for determining potential sources of values. Evaluations of the tool on two debugging tasks showed that developers with the Whyline were three times more successful and twice as fast at debugging, compared to developers with traditional breakpoint debuggers. The tool has the potential to simplify debugging and program understanding in many software development contexts.", acknowledgement = ack-nhfb, articleno = "4", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "debugging; questions; Whyline", } @Article{Sullivan:2010:MAO, author = "Kevin Sullivan and William G. Griswold and Hridesh Rajan and Yuanyuan Song and Yuanfang Cai and Macneil Shonle and Nishit Tewari", title = "Modular aspect-oriented design with {XPIs}", journal = j-TOSEM, volume = "20", number = "2", pages = "5:1--5:??", month = aug, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1824760.1824762", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Sep 8 18:47:44 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The emergence of aspect-oriented programming (AOP) languages has provided software designers with new mechanisms and strategies for decomposing programs into modules and composing modules into systems. What we do not yet fully understand is how best to use such mechanisms consistent with common modularization objectives such as the comprehensibility of programming code, its parallel development, dependability, and ease of change. The main contribution of this work is a new form of information-hiding interface for AOP that we call the crosscut programming interface, or XPI. XPIs abstract crosscutting behaviors and make these abstractions explicit. XPIs can be used, albeit with limited enforcement of interface rules, with existing AOP languages, such as AspectJ. To evaluate our notion of XPIs, we have applied our XPI-based design methodology to a medium-sized network overlay application called Hypercast. A qualitative and quantitative analysis of existing AO design methods and XPI-based design method shows that our approach produces improvements in program comprehensibility, in opportunities for parallel development, and in the ease when code can be developed and changed.", acknowledgement = ack-nhfb, articleno = "5", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "Aspect-oriented programming; design rules; options", } @Article{Singh:2010:SWE, author = "Param Vir Singh", title = "The small-world effect: {The} influence of macro-level properties of developer collaboration networks on open-source project success", journal = j-TOSEM, volume = "20", number = "2", pages = "6:1--6:??", month = aug, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1824760.1824763", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Sep 8 18:47:44 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In this study we investigate the impact of community-level networks --- relationships that exist among developers in an OSS community --- on the productivity of member developers. Specifically, we argue that OSS community networks characterized by {\em small-world\/} properties would positively influence the productivity of the member developers by providing them with speedy and reliable access to more quantity and variety of information and knowledge resources. Specific hypotheses are developed and tested using longitudinal data on a large panel of 4,279 projects from 15 different OSS communities hosted at Sourceforge. Our results suggest that significant variation exists in small-world properties of OSS communities at Sourceforge. After accounting for project, foundry, and time-specific observed and unobserved effects, we found a statistically significant relationship between small-world properties of a community and the technical and commercial success of the software produced by its members. In contrast to the findings of prior research, we also found the lack of a significant relationship between closeness and betweenness centralities of the project teams and their success. These results were robust to a number of controls and model specifications.", acknowledgement = ack-nhfb, articleno = "6", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "collaborative software development; online community; Open source software development; productivity; small world networks; social networks; team formation", } @Article{Dyer:2010:SDA, author = "Robert Dyer and Hridesh Rajan", title = "Supporting dynamic aspect-oriented features", journal = j-TOSEM, volume = "20", number = "2", pages = "7:1--7:??", month = aug, year = "2010", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/1824760.1824764", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Sep 8 18:47:44 MDT 2010", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Dynamic aspect-oriented (AO) features have important software engineering benefits such as allowing unanticipated software evolution and maintenance. It is thus important to efficiently support these features in language implementations. Current implementations incur unnecessary design-time and runtime overhead due to the lack of support in underlying intermediate language (IL) models. To address this problem, we present a flexible and dynamic IL model that we call {\em Nu}. The {\em Nu\/} model provides a higher level of abstraction compared to traditional object-oriented ILs, making it easier to efficiently support dynamic AO features. We demonstrate these benefits by providing an industrial-strength VM implementation for {\em Nu}, by showing translation strategies from dynamic source-level constructs to {\em Nu\/} and by analyzing the performance of the resulting IL code.\par {\em Nu\/}'s VM extends the Sun Hotspot VM interpreter and uses a novel caching mechanism to significantly reduce the amortized costs of join point dispatch. Our evaluation using standard benchmarks shows that the overhead of supporting a dynamic deployment model can be reduced to as little as\approx$1.5\%. {\em Nu\/} provides an improved compilation target for dynamic deployment features, which makes it easier to support such features with corresponding software engineering benefits in software evolution and maintenance and in runtime verification.", acknowledgement = ack-nhfb, articleno = "7", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "aspect-oriented intermediate-languages; aspect-oriented virtual machines; invocation; Nu; weaving", } @Article{Miles:2011:PMD, author = "Simon Miles and Paul Groth and Steve Munroe and Luc Moreau", title = "{PrIMe}: a methodology for developing provenance-aware applications", journal = j-TOSEM, volume = "20", number = "3", pages = "8:1--8:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000792", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Provenance refers to the past processes that brought about a given (version of an) object, item or entity. By knowing the provenance of data, users can often better understand, trust, reproduce, and validate it. A provenance-aware application has the functionality to answer questions regarding the provenance of the data it produces, by using documentation of past processes. PrIMe is a software engineering technique for adapting application designs to enable them to interact with a provenance middleware layer, thereby making them provenance-aware.", acknowledgement = ack-nhfb, articleno = "8", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Chen:2011:TDB, author = "Jinjun Chen and Yun Yang", title = "Temporal dependency-based checkpoint selection for dynamic verification of temporal constraints in scientific workflow systems", journal = j-TOSEM, volume = "20", number = "3", pages = "9:1--9:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000793", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In a scientific workflow system, a checkpoint selection strategy is used to select checkpoints along scientific workflow execution for verifying temporal constraints so that we can identify any temporal violations and handle them in time in order to ensure overall temporal correctness of the execution that is often essential for the usefulness of execution results. The problem of existing representative strategies is that they do not differentiate temporal constraints as, once a checkpoint is selected, they verify all temporal constraints. However, such a checkpoint does not need to be taken for those constraints whose consistency can be deduced from others. The corresponding verification of such constraints is consequently unnecessary and can severely impact overall temporal verification efficiency while the efficiency determines whether temporal violations can be identified quickly for handling in time.", acknowledgement = ack-nhfb, articleno = "9", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Anvik:2011:REB, author = "John Anvik and Gail C. Murphy", title = "Reducing the effort of bug report triage: Recommenders for development-oriented decisions", journal = j-TOSEM, volume = "20", number = "3", pages = "10:1--10:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000794", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A key collaborative hub for many software development projects is the bug report repository. Although its use can improve the software development process in a number of ways, reports added to the repository need to be triaged. A triager determines if a report is meaningful. Meaningful reports are then organized for integration into the project's development process. To assist triagers with their work, this article presents a machine learning approach to create recommenders that assist with a variety of decisions aimed at streamlining the development process. The recommenders created with this approach are accurate; for instance, recommenders for which developer to assign a report that we have created using this approach have a precision between 70\% and 98\% over five open source projects.", acknowledgement = ack-nhfb, articleno = "10", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Naish:2011:MSB, author = "Lee Naish and Hua Jie Lee and Kotagiri Ramamohanarao", title = "A model for spectra-based software diagnosis", journal = j-TOSEM, volume = "20", number = "3", pages = "11:1--11:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000795", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "This article presents an improved approach to assist diagnosis of failures in software (fault localisation) by ranking program statements or blocks in accordance with to how likely they are to be buggy. We present a very simple single-bug program to model the problem. By examining different possible execution paths through this model program over a number of test cases, the effectiveness of different proposed spectral ranking methods can be evaluated in idealised conditions. The results are remarkably consistent to those arrived at empirically using the Siemens test suite and Space benchmarks. The model also helps identify groups of metrics that are equivalent for ranking.", acknowledgement = ack-nhfb, articleno = "11", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Binkley:2011:FTT, author = "David W. Binkley and Mark Harman and Kiran Lakhotia", title = "{FlagRemover}: a testability transformation for transforming loop-assigned flags", journal = j-TOSEM, volume = "20", number = "3", pages = "12:1--12:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000796", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Search-Based Testing is a widely studied technique for automatically generating test inputs, with the aim of reducing the cost of software engineering activities that rely upon testing. However, search-based approaches degenerate to random testing in the presence of flag variables, because flags create spikes and plateaux in the fitness landscape. Both these features are known to denote hard optimization problems for all search-based optimization techniques. Several authors have studied flag removal transformations and fitness function refinements to address the issue of flags, but the problem of loop-assigned flags remains unsolved. This article introduces a testability transformation along with a tool that transforms programs with loop-assigned flags into flag-free equivalents, so that existing search-based test data generation approaches can successfully be applied.", acknowledgement = ack-nhfb, articleno = "12", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Chen:2011:RFC, author = "Zhenyu Chen and Tsong Yueh Chen and Baowen Xu", title = "A revisit of fault class hierarchies in general {Boolean} specifications", journal = j-TOSEM, volume = "20", number = "3", pages = "13:1--13:??", month = aug, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000791.2000797", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Aug 23 18:32:12 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Recently, Kapoor and Bowen [2007] have extended the works by Kuhn [1999], Tsuchiya and Kikuno [2002], and Lau and Yu [2005]. However, their proofs overlook the possibility that a mutant of the Boolean specifications under test may be equivalent. Hence, each of their fault relationships is either incorrect or has an incorrect proof. In this article, we give counterexamples to the incorrect fault relationships and provide new proofs for the valid fault relationships. Furthermore, a co-stronger fault relation is introduced to establish a new fault class hierarchy for general Boolean specifications.", acknowledgement = ack-nhfb, articleno = "13", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Bauer:2011:RVL, author = "Andreas Bauer and Martin Leucker and Christian Schallhart", title = "Runtime Verification for {LTL} and {TLTL}", journal = j-TOSEM, volume = "20", number = "4", pages = "14:1--14:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000800", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "This article studies runtime verification of properties expressed either in lineartime temporal logic (LTL) or timed lineartime temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a three-valued semantics (with truth values true, false, inconclusive) as an adequate interpretation as to whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: First, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible.", acknowledgement = ack-nhfb, articleno = "14", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Nie:2011:MFC, author = "Changhai Nie and Hareton Leung", title = "The Minimal Failure-Causing Schema of Combinatorial Testing", journal = j-TOSEM, volume = "20", number = "4", pages = "15:1--15:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000801", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Combinatorial Testing (CT) involves the design of a small test suite to cover the parameter value combinations so as to detect failures triggered by the interactions among these parameters. To make full use of CT and to extend its advantages, this article first gives a model of CT and then presents a theory of the Minimal Failure-causing Schema (MFS), including the concept of the MFS, proof of its existence, some of its properties, and a method of finding the MFS. Then we propose a methodology for CT based on this MFS theory and the existing research. Our MFS-based methodology emphasizes that CT should work on accurate testing requirements, and has the following advantages: (1) Detect failure to the greatest degree with the least cost.", acknowledgement = ack-nhfb, articleno = "15", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Gandhi:2011:DMC, author = "R. A. Gandhi and S. W. Lee", title = "Discovering Multidimensional Correlations among Regulatory Requirements to Understand Risk", journal = j-TOSEM, volume = "20", number = "4", pages = "16:1--16:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000802", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Security breaches most often occur due to a cascading effect of failure among security constraints that collectively contribute to overall secure system behavior in a socio-technical environment. Therefore, during security certification activities, analysts must systematically take into account the nexus of causal chains that exist among security constraints imposed by regulatory requirements. Numerous regulatory requirements specified in natural language documents or listed in spreadsheets/databases do not facilitate such analysis. The work presented in this article outlines a stepwise methodology to discover and understand the multidimensional correlations among regulatory requirements for the purpose of understanding the potential for risk due to noncompliance during system operation.", acknowledgement = ack-nhfb, articleno = "16", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Dehlinger:2011:GPP, author = "Josh Dehlinger and Robyn R. Lutz", title = "{Gaia-PL}: a Product Line Engineering Approach for Efficiently Designing Multiagent Systems", journal = j-TOSEM, volume = "20", number = "4", pages = "17:1--17:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000803", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Agent-oriented software engineering (AOSE) has provided powerful and natural, high-level abstractions in which software developers can understand, model and develop complex, distributed systems. Yet, the realization of AOSE partially depends on whether agent-based software systems can achieve reductions in development time and cost similar to other reuse-conscious development methods. Specifically, AOSE does not adequately address requirements specifications as reusable assets. Software product line engineering is a reuse technology that supports the systematic development of a set of similar software systems through understanding, controlling, and managing their common, core characteristics and their differing variation points. In this article, we present an extension to the Gaia AOSE methodology, named Gaia-PL (Gaia-Product Line), for agent-based distributed software systems that enables requirements specifications to be easily reused.", acknowledgement = ack-nhfb, articleno = "17", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Maoz:2011:CMS, author = "Shahar Maoz and David Harel and Asaf Kleinbort", title = "A Compiler for Multimodal Scenarios: Transforming {LSCs} into {AspectJ}", journal = j-TOSEM, volume = "20", number = "4", pages = "18:1--18:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000804", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We exploit the main similarity between the aspect-oriented programming paradigm and the inter-object, scenario-based approach to specification, in order to construct a new way of executing systems based on the latter. Specifically, we transform multimodal scenario-based specifications, given in the visual language of live sequence charts (LSC), into what we call scenario aspects, implemented in AspectJ. Unlike synthesis approaches, which attempt to take the inter-object scenarios and construct intra-object state-based per-object specifications or a single controller automaton, we follow the ideas behind the LSC play-out algorithm to coordinate the simultaneous monitoring and direct execution of the specified scenarios. Thus, the structure of the specification is reflected in the structure of the generated code; the high-level inter-object requirements and their structure are not lost in the translation.", acknowledgement = ack-nhfb, articleno = "18", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Dagenais:2011:RAC, author = "Barth{\'e}l{\'e}my Dagenais and Martin P. Robillard", title = "Recommending Adaptive Changes for Framework Evolution", journal = j-TOSEM, volume = "20", number = "4", pages = "19:1--19:??", month = sep, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2000799.2000805", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Sep 26 17:32:55 MDT 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In the course of a framework's evolution, changes ranging from a simple refactoring to a complete rearchitecture can break client programs. Finding suitable replacements for framework elements that were accessed by a client program and deleted as part of the framework's evolution can be a challenging task. We present a recommendation system, SemDiff, that suggests adaptations to client programs by analyzing how a framework was adapted to its own changes. In a study of the evolution of one open source framework and three client programs, our approach recommended relevant adaptive changes with a high level of precision.", acknowledgement = ack-nhfb, articleno = "19", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Ebnenasir:2011:FSD, author = "Ali Ebnenasir and Sandeep S. Kulkarni", title = "Feasibility of Stepwise Design of Multitolerant Programs", journal = j-TOSEM, volume = "21", number = "1", pages = "1:1--1:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063240", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The complexity of designing programs that simultaneously tolerate multiple classes of faults, called multitolerant programs, is in part due to the conflicting nature of the fault tolerance requirements that must be met by a multitolerant program when different types of faults occur. To facilitate the design of multitolerant programs, we present sound and (deterministically) complete algorithms for stepwise design of two families of multitolerant programs in a high atomicity program model, where a process can read and write all program variables in an atomic step. We illustrate that if one needs to design failsafe (respectively, nonmasking) fault tolerance for one class of faults and masking fault tolerance for another class of faults, then a multitolerant program can be designed in separate polynomial-time (in the state space of the fault-intolerant program) steps regardless of the order of addition.", acknowledgement = ack-nhfb, articleno = "1", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Arnold:2011:QER, author = "Matthew Arnold and Martin Vechev and Eran Yahav", title = "{QVM}: An Efficient Runtime for Detecting Defects in Deployed Systems", journal = j-TOSEM, volume = "21", number = "1", pages = "2:1--2:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063241", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Coping with software defects that occur in the post-deployment stage is a challenging problem: bugs may occur only when the system uses a specific configuration and only under certain usage scenarios. Nevertheless, halting production systems until the bug is tracked and fixed is often impossible. Thus, developers have to try to reproduce the bug in laboratory conditions. Often, the reproduction of the bug takes most of the debugging effort. In this paper we suggest an approach to address this problem by using a specialized runtime environment called Quality Virtual Machine (QVM). QVM efficiently detects defects by continuously monitoring the execution of the application in a production setting.", acknowledgement = ack-nhfb, articleno = "2", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Tilevich:2011:EEP, author = "Eli Tilevich and Sriram Gopal", title = "Expressive and Extensible Parameter Passing for Distributed Object Systems", journal = j-TOSEM, volume = "21", number = "1", pages = "3:1--3:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063242", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In modern distributed object systems, reference parameters to a remote method are passed according to their runtime type. This design choice limits the expressiveness, readability, and maintainability of distributed applications. Further, to extend the built-in set of parameter passing semantics of a distributed object system, the programmer has to understand and modify the underlying middleware implementation. To address these design shortcomings, this article presents (i) a declarative and extensible approach to remote parameter passing that decouples parameter passing semantics from parameter types, and (ii) a plugin-based framework, DeXteR, which enables the programmer to extend the built-in set of remote parameter passing semantics, without having to understand or modify the underlying middleware implementation.", acknowledgement = ack-nhfb, articleno = "3", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Sim:2011:HWD, author = "Susan Elliott Sim and Medha Umarji and Sukanya Ratanotayanon and Cristina V. Lopes", title = "How Well Do Search Engines Support Code Retrieval on the {Web}?", journal = j-TOSEM, volume = "21", number = "1", pages = "4:1--4:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063243", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Software developers search the Web for various kinds of source code for diverse reasons. In a previous study, we found that searches varied along two dimensions: the size of the search target (e.g., block, subsystem, or system) and the motivation for the search (e.g., reference example or as-is reuse). Would each of these kinds of searches require different search technologies? To answer this question, we conducted an experiment with 36 participants to evaluate three diverse approaches (general purpose information retrieval, source code search, and component reuse), as represented by five Web sites (Google, Koders, Krugle, Google Code Search, and SourceForge). The independent variables were search engine, size of search target, and motivation for search.", acknowledgement = ack-nhfb, articleno = "4", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Diep:2011:LBS, author = "Madeline M. Diep and Matthew B. Dwyer and Sebastian Elbaum", title = "Lattice-Based Sampling for Path Property Monitoring", journal = j-TOSEM, volume = "21", number = "1", pages = "5:1--5:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063244", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Runtime monitoring can provide important insights about a program's behavior and, for simple properties, it can be done efficiently. Monitoring properties describing sequences of program states and events, however, can result in significant runtime overhead. This is particularly critical when monitoring programs deployed at user sites that have low tolerance for overhead. In this paper we present a novel approach to reducing the cost of runtime monitoring of path properties. A set of original properties are composed to form a single integrated property that is then systematically decomposed into a set of properties that encode necessary conditions for property violations. The resulting set of properties forms a lattice whose structure is exploited to select a sample of properties that can lower monitoring cost, while preserving violation detection power relative to the original properties.", acknowledgement = ack-nhfb, articleno = "5", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Erwig:2011:CCR, author = "Martin Erwig and Eric Walkingshaw", title = "The Choice Calculus: a Representation for Software Variation", journal = j-TOSEM, volume = "21", number = "1", pages = "6:1--6:??", month = dec, year = "2011", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2063239.2063245", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Dec 20 18:31:08 MST 2011", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many areas of computer science are concerned with some form of variation in software---from managing changes to software over time to supporting families of related artifacts. We present the choice calculus, a fundamental representation for software variation that can serve as a common language of discourse for variation research, filling a role similar to the lambda calculus in programming language research. We also develop an associated theory of software variation, including sound transformations of variation artifacts, the definition of strategic normal forms, and a design theory for variation structures, which will support the development of better algorithms and tools.", acknowledgement = ack-nhfb, articleno = "6", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Notkin:2012:E, author = "David Notkin", title = "Editorial", journal = j-TOSEM, volume = "21", number = "2", pages = "7:1--7:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089117", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "7", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{AlDallal:2012:PMM, author = "Jehad {Al Dallal} and Lionel C. Briand", title = "A Precise Method-Method Interaction-Based Cohesion Metric for Object-Oriented Classes", journal = j-TOSEM, volume = "21", number = "2", pages = "8:1--8:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089118", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The building of highly cohesive classes is an important objective in object-oriented design. Class cohesion refers to the relatedness of the class members, and it indicates one important aspect of the class design quality. A meaningful class cohesion metric helps object-oriented software developers detect class design weaknesses and refactor classes accordingly. Several class cohesion metrics have been proposed in the literature. Most of these metrics are applicable based on low-level design information such as attribute references in methods. Some of these metrics capture class cohesion by counting the number of method pairs that share common attributes. A few metrics measure cohesion more precisely by considering the degree of interaction, through attribute references, between each pair of methods. However, the formulas applied by these metrics to measure the degree of interaction cause the metrics to violate important mathematical properties, thus undermining their construct validity and leading to misleading cohesion measurement. In this paper, we propose a formula that precisely measures the degree of interaction between each pair of methods, and we use it as a basis to introduce a low-level design class cohesion metric (LSCC). We verify that the proposed formula does not cause the metric to violate important mathematical properties. In addition, we provide a mechanism to use this metric as a useful indicator for refactoring weakly cohesive classes, thus showing its usefulness in improving class cohesion. Finally, we empirically validate LSCC. Using four open source software systems and eleven cohesion metrics, we investigate the relationship between LSCC, other cohesion metrics, and fault occurrences in classes. Our results show that LSCC is one of three metrics that explains more accurately the presence of faults in classes. LSCC is the only one among the three metrics to comply with important mathematical properties, and statistical analysis shows it captures a measurement dimension of its own. This suggests that LSCC is a better alternative, when taking into account both theoretical and empirical results, as a measure to guide the refactoring of classes. From a more general standpoint, the results suggest that class quality, as measured in terms of fault occurrences, can be more accurately explained by cohesion metrics that account for the degree of interaction between each pair of methods.", acknowledgement = ack-nhfb, articleno = "8", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Fischbein:2012:WAM, author = "Dario Fischbein and Nicolas D'Ippolito and Greg Brunet and Marsha Chechik and Sebastian Uchitel", title = "Weak Alphabet Merging of Partial Behavior Models", journal = j-TOSEM, volume = "21", number = "2", pages = "9:1--9:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089119", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Constructing comprehensive operational models of intended system behavior is a complex and costly task, which can be mitigated by the construction of partial behavior models, providing early feedback and subsequently elaborating them iteratively. However, how should partial behavior models with different viewpoints covering different aspects of behavior be composed? How should partial models of component instances of the same type be put together? In this article, we propose model merging of modal transition systems (MTSs) as a solution to these questions. MTS models are a natural extension of labelled transition systems that support explicit modeling of what is currently unknown about system behavior. We formally define model merging based on weak alphabet refinement, which guarantees property preservation, and show that merging consistent models is a process that should result in a minimal common weak alphabet refinement (MCR). In this article, we provide theoretical results and algorithms that support such a process. Finally, because in practice MTS merging is likely to be combined with other operations over MTSs such as parallel composition, we also study the algebraic properties of merging and apply these, together with the algorithms that support MTS merging, in a case study.", acknowledgement = ack-nhfb, articleno = "9", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Mattsson:2012:AMA, author = "Anders Mattsson and Brian Fitzgerald and Bj{\"o}rn Lundell and Brian Lings", title = "An Approach for Modeling Architectural Design Rules in {UML} and its Application to Embedded Software", journal = j-TOSEM, volume = "21", number = "2", pages = "10:1--10:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089120", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Current techniques for modeling software architecture do not provide sufficient support for modeling architectural design rules. This is a problem in the context of model-driven development in which it is assumed that major design artifacts are represented as formal or semi-formal models. This article addresses this problem by presenting an approach to modeling architectural design rules in UML at the abstraction level of the meaning of the rules. The high abstraction level and the use of UML makes the rules both amenable to automation and easy to understand for both architects and developers, which is crucial to deployment in an organization. To provide a proof-of-concept, a tool was developed that validates a system model against the architectural rules in a separate UML model. To demonstrate the feasibility of the approach, the architectural design rules of an existing live industrial-strength system were modeled according to the approach.", acknowledgement = ack-nhfb, articleno = "10", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Kulkarni:2012:GPF, author = "Devdatta Kulkarni and Tanvir Ahmed and Anand Tripathi", title = "A Generative Programming Framework for Context-Aware {CSCW} Applications", journal = j-TOSEM, volume = "21", number = "2", pages = "11:1--11:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089121", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We present a programming framework based on the paradigm of generative application development for building context-aware collaborative applications. In this approach, context-aware applications are implemented using a domain-specific design model, and their execution environment is generated and maintained by the middleware. The key features of this design model include support for context-based service discovery and binding, context-based access control, context-based multiuser coordination, and context-triggered automated task executions. The middleware uses the technique of policy-based specialization for generating application-specific middleware components from the generic middleware components. Through a case-study example, we demonstrate this approach and present the evaluations of the design model and the middleware.", acknowledgement = ack-nhfb, articleno = "11", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Roychoudhury:2012:SMS, author = "Abhik Roychoudhury and Ankit Goel and Bikram Sengupta", title = "Symbolic Message Sequence Charts", journal = j-TOSEM, volume = "21", number = "2", pages = "12:1--12:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089122", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Message sequence charts (MSCs) are a widely used visual formalism for scenario-based specifications of distributed reactive systems. In its conventional usage, an MSC captures an interaction snippet between concrete objects in the system. This leads to voluminous specifications when the system contains several objects that are behaviorally similar. MSCs also play an important role in the model-based testing of reactive systems, where they may be used for specifying (partial) system behaviors, describing test generation criteria, or representing test cases. However, since the number of processes in a MSC specification are fixed, model-based testing of systems consisting of process classes may involve a significant amount of rework: for example, reconstructing system models, or regenerating test cases for systems differing only in the number of processes of various types. In this article we propose a scenario-based notation, called symbolic message sequence charts (SMSCs), for modeling, simulation, and testing of process classes. SMSCs are a lightweight syntactic and semantic extension of MSCs where, unlike MSCs, a SMSC lifeline can denote some/all objects from a collection. Our extensions give us substantially more modeling power. Moreover, we present an abstract execution semantics for (structured collections of) SMSCs. This allows us to validate MSC-based system models capturing interactions between large, or even unbounded, number of objects. Finally, we describe a SMSC-based testing methodology for process classes, which allows generation of test cases for new object configurations with minimal rework. Since our SMSC extensions are only concerned with MSC lifelines, we believe that they can be integrated into existing standards such as UML 2.0. We illustrate our SMSC-based framework for modeling, simulation, and testing of process classes using a weather-update controller case-study from NASA.", acknowledgement = ack-nhfb, articleno = "12", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Queralt:2012:VVU, author = "Anna Queralt and Ernest Teniente", title = "Verification and Validation of {UML} Conceptual Schemas with {OCL} Constraints", journal = j-TOSEM, volume = "21", number = "2", pages = "13:1--13:??", month = mar, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2089116.2089123", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Mon Mar 19 17:14:21 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "To ensure the quality of an information system, it is essential that the conceptual schema that represents the knowledge about its domain is semantically correct. The semantic correctness of a conceptual schema can be seen from two different perspectives. On the one hand, from the point of view of its definition, a conceptual schema must be right. This is ensured by means of verification techniques that check whether the schema satisfies several correctness properties. On the other hand, from the point of view of the requirements that the information system should satisfy, a schema must also be the right one. This is ensured by means of validation techniques, which help the designer understand the exact meaning of a schema and to see whether it corresponds to the requirements. In this article we propose an approach to verify and validate UML conceptual schemas, with arbitrary constraints formalized in OCL. We have also implemented our approach to show its feasibility.", acknowledgement = ack-nhfb, articleno = "13", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Kastner:2012:TCA, author = "Christian K{\"a}stner and Sven Apel and Thomas Th{\"u}m and Gunter Saake", title = "Type checking annotation-based product lines", journal = j-TOSEM, volume = "21", number = "3", pages = "14:1--14:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211617", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Software product line engineering is an efficient means of generating a family of program variants for a domain from a single code base. However, because of the potentially high number of possible program variants, it is difficult to test them all and ensure properties like type safety for the entire product line. We present a product-line-aware type system that can type check an entire software product line without generating each variant in isolation. Specifically, we extend the Featherweight Java calculus with feature annotations for product-line development and prove formally that all program variants generated from a well typed product line are well typed. Furthermore, we present a solution to the problem of typing mutually exclusive features. We discuss how results from our formalization helped implement our own product-line tool CIDE for full Java and report of our experience with detecting type errors in four existing software product line implementations.", acknowledgement = ack-nhfb, articleno = "14", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Shonle:2012:FCR, author = "Macneil Shonle and William G. Griswold and Sorin Lerner", title = "A framework for the checking and refactoring of crosscutting concepts", journal = j-TOSEM, volume = "21", number = "3", pages = "15:1--15:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211618", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Programmers employ crosscutting concepts, such as design patterns and other programming idioms, when their design ideas cannot be efficiently or effectively modularized in the underlying programming language. As a result, implementations of these crosscutting concepts can be hard to change even when the code is well structured. In this article, we describe Arcum, a system that supports the modular maintenance of crosscutting concepts. Arcum can be used to both check essential constraints of crosscutting concepts and to substitute crosscutting concept implementations with alternative implementations. Arcum is complementary to existing refactoring systems that focus on meaning-preserving program transformations at the programming-language-semantics level, because Arcum focuses on transformations at the conceptual level. We present the underpinnings of the Arcum approach and show how Arcum can be used to address several classical software engineering problems.", acknowledgement = ack-nhfb, articleno = "15", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Fantechi:2012:LVM, author = "Alessandro Fantechi and Stefania Gnesi and Alessandro Lapadula and Franco Mazzanti and Rosario Pugliese and Francesco Tiezzi", title = "A logical verification methodology for service-oriented computing", journal = j-TOSEM, volume = "21", number = "3", pages = "16:1--16:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211619", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We introduce a logical verification methodology for checking behavioral properties of service-oriented computing systems. Service properties are described by means of SocL, a branching-time temporal logic that we have specifically designed for expressing in an effective way distinctive aspects of services, such as, acceptance of a request, provision of a response, correlation among service requests and responses, etc. Our approach allows service properties to be expressed in such a way that they can be independent of service domains and specifications. We show an instantiation of our general methodology that uses the formal language COWS to conveniently specify services and the expressly developed software tool CMC to assist the user in the task of verifying SocL formulas over service specifications. We demonstrate the feasibility and effectiveness of our methodology by means of the specification and analysis of a case study in the automotive domain.", acknowledgement = ack-nhfb, articleno = "16", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Strecker:2012:ADC, author = "Jaymie Strecker and Atif M. Memon", title = "Accounting for defect characteristics in evaluations of testing techniques", journal = j-TOSEM, volume = "21", number = "3", pages = "17:1--17:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211620", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "As new software-testing techniques are developed, before they can achieve widespread acceptance, their effectiveness at detecting defects must be evaluated. The most common way of evaluating testing techniques is with empirical studies, in which one or more techniques are tried out on software with known defects. However, the defects used can affect the performance of the techniques. To complicate matters, it is not even clear how to effectively describe or characterize defects. To address these problems, this article describes an experiment architecture for empirically evaluating testing techniques which takes both defect and test-suite characteristics into account. As proof of concept, an experiment on GUI-testing techniques is conducted. It provides evidence that the defect characteristics proposed do help explain defect detection, at least for GUI testing, and it explores the relationship between the coverage of defective code and the detection of defects.", acknowledgement = ack-nhfb, articleno = "17", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Jennings:2012:TPA, author = "Paul Jennings and Arka P. Ghosh and Samik Basu", title = "A two-phase approximation for model checking probabilistic unbounded until properties of probabilistic systems", journal = j-TOSEM, volume = "21", number = "3", pages = "18:1--18:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211621", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We have developed a new approximate probabilistic model-checking method for untimed properties in probabilistic systems, expressed in a probabilistic temporal logic (PCTL, CSL). This method, in contrast to the existing ones, does not require the untimed until properties to be bounded a priori, where the bound refers to the number of discrete steps in the system required to verify the until property. The method consists of two phases. In the first phase, a suitable system- and property-dependent bound$k_0$is obtained automatically. In the second phase, the probability of satisfying the$k_0-bounded until property is computed as the estimate of the probability of satisfying the original unbounded until property. Both phases require only verification of bounded until properties, which can be effectively performed by simulation-based methods. We prove the correctness of the proposed two-phase method and present its optimized implementation in the widely used PRISM model-checking engine. We compare this implementation with sampling-based model-checking techniques implemented in two tools: PRISM and MRMC. We show that for several models these existing tools fail to compute the result, while the two-phase method successfully computes the result efficiently with respect to time and space.", acknowledgement = ack-nhfb, articleno = "18", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Qi:2012:DAD, author = "Dawei Qi and Abhik Roychoudhury and Zhenkai Liang and Kapil Vaswani", title = "{DARWIN}: an approach to debugging evolving programs", journal = j-TOSEM, volume = "21", number = "3", pages = "19:1--19:??", month = jun, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2211616.2211622", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Fri Jun 29 18:08:30 MDT 2012", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Bugs in programs are often introduced when programs evolve from a stable version to a new version. In this article, we propose a new approach called DARWIN for automatically finding potential root causes of such bugs. Given two programs --- a reference program and a modified program --- and an input that fails on the modified program, our approach uses symbolic execution to automatically synthesize a new input that (a) is very similar to the failing input and (b) does not fail. We find the potential cause(s) of failure by comparing control-flow behavior of the passing and failing inputs and identifying code fragments where the control flows diverge. A notable feature of our approach is that it handles hard-to-explain bugs, like code missing errors, by pointing to code in the reference program. We have implemented this approach and conducted experiments using several real-world applications, such as the Apache Web server, libPNG (a library for manipulating PNG images), and TCPflow (a program for displaying data sent through TCP connections). In each of these applications, DARWIN was able to localize bugs with high accuracy. Even though these applications contain several thousands of lines of code, DARWIN could usually narrow down the potential root cause(s) to less than ten lines. In addition, we find that the inputs synthesized by DARWIN provide additional value by revealing other undiscovered errors.", acknowledgement = ack-nhfb, articleno = "19", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Holmes:2012:SPS, author = "Reid Holmes and Robert J. Walker", title = "Systematizing pragmatic software reuse", journal = j-TOSEM, volume = "21", number = "4", pages = "20:1--20:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377657", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many software reuse tasks involve reusing source code that was not designed in a manner conducive to those tasks, requiring that ad hoc modifications be applied. Such pragmatic reuse tasks are a reality in disciplined industrial practice; they arise for a variety of organizational and technical reasons. To investigate a pragmatic reuse task, a developer must navigate through, and reason about, source code dependencies in order to identify program elements that are relevant to the task and to decide how those elements should be reused. The developer must then convert his mental model of the task into a set of actions that he can perform. These steps are poorly supported by modern development tools and practices. We provide a model for the process involved in performing a pragmatic reuse task, including the need to capture (mentally or otherwise) the developer's decisions about how each program element should be treated: this is a pragmatic-reuse plan. We provide partial support for this model via a tool suite, called Gilligan; other parts of the model are supported via standard IDE tools. Using a pragmatic-reuse plan, Gilligan can semiautomatically transform the selected source code from its originating system and integrate it into the developer's system. We have evaluated Gilligan through a series of case studies and experiments (each involving industrial developers) using a variety of source systems and tasks; we report in particular on a previously unpublished, formal experiment. The results show that pragmatic-reuse plans are a robust metaphor for capturing pragmatic reuse intent and that, relative to standard IDE tools, Gilligan can (1) significantly decrease the time that developers require to perform pragmatic reuse tasks, (2) increase the likelihood that developers will successfully complete pragmatic reuse tasks, (3) decrease the time required by developers to identify infeasible reuse tasks, and (4) improve developers' sense of their ability to manage the risk in such tasks.", acknowledgement = ack-nhfb, articleno = "20", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Cai:2012:FMA, author = "Yuanfang Cai and Kevin Sullivan", title = "A formal model for automated software modularity and evolvability analysis", journal = j-TOSEM, volume = "21", number = "4", pages = "21:1--21:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377658", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Neither the nature of modularity in software design, characterized as a property of the structure of dependencies among design decisions, or its economic value are adequately well understood. One basic problem is that we do not even have a sufficiently clear definition of what it means for one design decision to depend on another. The main contribution of this work is one possible mathematically precise definition of dependency based on an augmented constraint network model. The model provides an end-to-end account of the connection between modularity and its value in terms of options to make adaptive changes in uncertain and changing design spaces. We demonstrate the validity and theoretical utility of the model, showing that it is consistent with, and provides new insights into, several previously published results in design theory.", acknowledgement = ack-nhfb, articleno = "21", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Cimatti:2012:VRH, author = "Alessandro Cimatti and Marco Roveri and Angelo Susi and Stefano Tonetta", title = "Validation of requirements for hybrid systems: a formal approach", journal = j-TOSEM, volume = "21", number = "4", pages = "22:1--22:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377659", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Flaws in requirements may have unacceptable consequences in the development of safety-critical applications. Formal approaches may help with a deep analysis that takes care of the precise semantics of the requirements. However, the proposed solutions often disregard the problem of integrating the formalization with the analysis, and the underlying logical framework lacks either expressive power, or automation. We propose a new, comprehensive approach for the validation of functional requirements of hybrid systems, where discrete components and continuous components are tightly intertwined. The proposed solution allows to tackle problems of conversion from informal to formal, traceability, automation, user acceptance, and scalability. We build on a new language, othello which is expressive enough to represent various domains of interest, yet allowing efficient procedures for checking the satisfiability. Around this, we propose a structured methodology where: informal requirements are fragmented and categorized according to their role; each fragment is formalized based on its category; specialized formal analysis techniques, optimized for requirements analysis, are finally applied. The approach was the basis of an industrial project aiming at the validation of the European Train Control System (ETCS) requirements specification. During the project a realistic subset of the ETCS specification was formalized and analyzed. The approach was positively assessed by domain experts.", acknowledgement = ack-nhfb, articleno = "22", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Poshyvanyk:2012:CLU, author = "Denys Poshyvanyk and Malcom Gethers and Andrian Marcus", title = "Concept location using formal concept analysis and information retrieval", journal = j-TOSEM, volume = "21", number = "4", pages = "23:1--23:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377660", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The article addresses the problem of concept location in source code by proposing an approach that combines Formal Concept Analysis and Information Retrieval. In the proposed approach, Latent Semantic Indexing, an advanced Information Retrieval approach, is used to map textual descriptions of software features or bug reports to relevant parts of the source code, presented as a ranked list of source code elements. Given the ranked list, the approach selects the most relevant attributes from the best ranked documents, clusters the results, and presents them as a concept lattice, generated using Formal Concept Analysis. The approach is evaluated through a large case study on concept location in the source code on six open-source systems, using several hundred features and bugs. The empirical study focuses on the analysis of various configurations of the generated concept lattices and the results indicate that our approach is effective in organizing different concepts and their relationships present in the subset of the search results. In consequence, the proposed concept location method has been shown to outperform a standalone Information Retrieval based concept location technique by reducing the number of irrelevant search results across all the systems and lattice configurations evaluated, potentially reducing the programmers' effort during software maintenance tasks involving concept location.", acknowledgement = ack-nhfb, articleno = "23", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Meneely:2012:VSM, author = "Andrew Meneely and Ben Smith and Laurie Williams", title = "Validating software metrics: a spectrum of philosophies", journal = j-TOSEM, volume = "21", number = "4", pages = "24:1--24:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377661", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Context. Researchers proposing a new metric have the burden of proof to demonstrate to the research community that the metric is acceptable in its intended use. This burden of proof is provided through the multi-faceted, scientific, and objective process of software metrics validation. Over the last 40 years, however, researchers have debated what constitutes a valid'' metric. Aim. The debate over what constitutes a valid metric centers on software metrics validation criteria. The objective of this article is to guide researchers in making sound contributions to the field of software engineering metrics by providing a practical summary of the metrics validation criteria found in the academic literature. Method. We conducted a systematic literature review that began with 2,288 papers and ultimately focused on 20 papers. After extracting 47 unique validation criteria from these 20 papers, we performed a comparative analysis to explore the relationships amongst the criteria. Results. Our 47 validation criteria represent a diverse view of what constitutes a valid metric. We present an analysis of the criteria's categorization, conflicts, common themes, and philosophical motivations behind the validation criteria. Conclusions. Although the 47 validation criteria are not conflict-free, the diversity of motivations and philosophies behind the validation criteria indicates that metrics validation is complex. Researchers proposing new metrics should consider the applicability of the validation criteria in terms of our categorization and analysis. Rather than arbitrarily choosing validation criteria for each metric, researchers should choose criteria that can confirm that the metric is appropriate for its intended use. We conclude that metrics validation criteria provide answers to questions that researchers have about the merits and limitations of a metric.", acknowledgement = ack-nhfb, articleno = "24", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Kiezun:2012:HSW, author = "Adam Kiezun and Vijay Ganesh and Shay Artzi and Philip J. Guo and Pieter Hooimeijer and Michael D. Ernst", title = "{HAMPI}: a solver for word equations over strings, regular expressions, and context-free grammars", journal = j-TOSEM, volume = "21", number = "4", pages = "25:1--25:??", month = nov, year = "2012", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2377656.2377662", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 2 06:46:47 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable software reliability tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis of string-manipulating programs, so researchers end up implementing their own ad-hoc solvers. To fulfill this need, we designed and implemented Hampi, a solver for string constraints over bounded string variables. Users of Hampi specify constraints using regular expressions, context-free grammars, equality between string terms, and typical string operations such as concatenation and substring extraction. Hampi then finds a string that satisfies all the constraints or reports that the constraints are unsatisfiable. We demonstrate Hampi's expressiveness and efficiency by applying it to program analysis and automated testing. We used Hampi in static and dynamic analyses for finding SQL injection vulnerabilities in Web applications with hundreds of thousands of lines of code. We also used Hampi in the context of automated bug finding in C programs using dynamic systematic testing (also known as concolic testing). We then compared Hampi with another string solver, CFGAnalyzer, and show that Hampi is several times faster. Hampi's source code, documentation, and experimental data are available at \path=http://people.csail.mit.edu/akiezun/hampi=", acknowledgement = ack-nhfb, articleno = "25", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Notkin:2013:ELB, author = "David Notkin", title = "Editorial --- looking back", journal = j-TOSEM, volume = "22", number = "1", pages = "1:1--1:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2431201", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "1", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Rosenblum:2013:ELF, author = "David S. Rosenblum", title = "Editorial --- looking forward", journal = j-TOSEM, volume = "22", number = "1", pages = "2:1--2:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2431202", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "2", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Sun:2013:MVH, author = "Jun Sun and Yang Liu and Jin Song Dong and Yan Liu and Ling Shi and {\'E}tienne Andr{\'e}", title = "Modeling and verifying hierarchical real-time systems using stateful timed {CSP}", journal = j-TOSEM, volume = "22", number = "1", pages = "3:1--3:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430537", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Modeling and verifying complex real-time systems are challenging research problems. The de facto approach is based on Timed Automata, which are finite state automata equipped with clock variables. Timed Automata are deficient in modeling hierarchical complex systems. In this work, we propose a language called Stateful Timed CSP and an automated approach for verifying Stateful Timed CSP models. Stateful Timed CSP is based on Timed CSP and is capable of specifying hierarchical real-time systems. Through dynamic zone abstraction, finite-state zone graphs can be generated automatically from Stateful Timed CSP models, which are subject to model checking. Like Timed Automata, Stateful Timed CSP models suffer from Zeno runs, that is, system runs that take infinitely many steps within finite time. Unlike Timed Automata, model checking with non-Zenoness in Stateful Timed CSP can be achieved based on the zone graphs. We extend the PAT model checker to support system modeling and verification using Stateful Timed CSP and show its usability/scalability via verification of real-world systems.", acknowledgement = ack-nhfb, articleno = "3", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Demsky:2013:VSF, author = "Brian Demsky and Patrick Lam", title = "Views: {Synthesizing} fine-grained concurrency control", journal = j-TOSEM, volume = "22", number = "1", pages = "4:1--4:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430538", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Fine-grained locking is often necessary to increase concurrency. Correctly implementing fine-grained locking with today's concurrency primitives can be challenging-race conditions often plague programs with sophisticated locking schemes. We present views, a new approach to concurrency control. Views ease the task of implementing sophisticated locking schemes and provide static checks to automatically detect many data races. A view of an object declares a partial interface, consisting of fields and methods, to the object that the view protects. A view also contains an incompatibility declaration, which lists views that may not be simultaneously held by other threads. A set of view annotations specify which code regions hold a view of an object. Our view compiler performs simple static checks that identify many data races. We pair the basic approach with an inference algorithm that can infer view incompatibility specifications for many applications. We have ported four benchmark applications to use views: portions of Vuze, a BitTorrent client; Mailpuccino, a graphical email client; jphonelite, a VoIP softphone implementation; and TupleSoup, a database. Our experience indicates that views are easy to use, make implementing sophisticated locking schemes simple, and can help eliminate concurrency bugs. We have evaluated the performance of a view implementation of a red-black tree and found that views can significantly improve performance over that of the lock-based implementation.", acknowledgement = ack-nhfb, articleno = "4", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Yue:2013:FTU, author = "Tao Yue and Lionel C. Briand and Yvan Labiche", title = "Facilitating the transition from use case models to analysis models: Approach and experiments", journal = j-TOSEM, volume = "22", number = "1", pages = "5:1--5:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430539", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Use case modeling, including use case diagrams and use case specifications (UCSs), is commonly applied to structure and document requirements. UCSs are usually structured but unrestricted textual documents complying with a certain use case template. However, because Use Case Models (UCMods) remain essentially textual, ambiguity is inevitably introduced. In this article, we propose a use case modeling approach, called Restricted Use Case Modeling (RUCM), which is composed of a set of well-defined restriction rules and a modified use case template. The goal is two-fold: (1) restrict the way users can document UCSs in order to reduce ambiguity and (2) facilitate the manual derivation of initial analysis models which, when using the Unified Modeling Language (UML), are typically composed of class diagrams, sequence diagrams, and possibly other types of diagrams. Though the proposed restriction rules and template are based on a clear rationale, two main questions need to be investigated. First, do users find them too restrictive or impractical in certain situations? In other words, can users express the same requirements with RUCM as with unrestricted use cases? Second, do the rules and template have a positive, significant impact on the quality of the constructed analysis models? To investigate these questions, we performed and report on two controlled experiments, which evaluate the restriction rules and use case template in terms of (1) whether they are easy to apply while developing UCMods and facilitate the understanding of UCSs, and (2) whether they help users manually derive higher quality analysis models than what can be generated when they are not used, in terms of correctness, completeness, and redundancy. This article reports on the first controlled experiments that evaluate the applicability of restriction rules on use case modeling and their impact on the quality of analysis models. The measures we have defined to characterize restriction rules and the quality of analysis class and sequence diagrams can be reused to perform similar experiments in the future, either with RUCM or other approaches. Results show that the restriction rules are overall easy to apply and that RUCM results into significant improvements over traditional approaches (i.e., with standard templates, without restrictions) in terms of class correctness and class diagram completeness, message correctness and sequence diagram completeness, and understandability of UCSs.", acknowledgement = ack-nhfb, articleno = "5", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Hemmati:2013:ASM, author = "Hadi Hemmati and Andrea Arcuri and Lionel Briand", title = "Achieving scalable model-based testing through test case diversity", journal = j-TOSEM, volume = "22", number = "1", pages = "6:1--6:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430540", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The increase in size and complexity of modern software systems requires scalable, systematic, and automated testing approaches. Model-based testing (MBT), as a systematic and automated test case generation technique, is being successfully applied to verify industrial-scale systems and is supported by commercial tools. However, scalability is still an open issue for large systems, as in practice there are limits to the amount of testing that can be performed in industrial contexts. Even with standard coverage criteria, the resulting test suites generated by MBT techniques can be very large and expensive to execute, especially for system level testing on real deployment platforms and network facilities. Therefore, a scalable MBT technique should be flexible regarding the size of the generated test suites and should be easily accommodated to fit resource and time constraints. Our approach is to select a subset of the generated test suite in such a way that it can be realistically executed and analyzed within the time and resource constraints, while preserving the fault revealing power of the original test suite to a maximum extent. In this article, to address this problem, we introduce a family of similarity-based test case selection techniques for test suites generated from state machines. We evaluate 320 different similarity-based selection techniques and then compare the effectiveness of the best similarity-based selection technique with other common selection techniques in the literature. The results based on two industrial case studies, in the domain of embedded systems, show significant benefits and a large improvement in performance when using a similarity-based approach. We complement these analyses with further studies on the scalability of the technique and the effects of failure rate on its effectiveness. We also propose a method to identify optimal tradeoffs between the number of test cases to run and fault detection.", acknowledgement = ack-nhfb, articleno = "6", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Monperrus:2013:DMM, author = "Martin Monperrus and Mira Mezini", title = "Detecting missing method calls as violations of the majority rule", journal = j-TOSEM, volume = "22", number = "1", pages = "7:1--7:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430541", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "When using object-oriented frameworks it is easy to overlook certain important method calls that are required at particular places in code. In this article, we provide a comprehensive set of empirical facts on this problem, starting from traces of missing method calls in a bug repository. We propose a new system that searches for missing method calls in software based on the other method calls that are observable. Our key insight is that the voting theory concept of majority rule holds for method calls: a call is likely to be missing if there is a majority of similar pieces of code where this call is present. The evaluation shows that the system predictions go further missing method calls and often reveal different kinds of code smells (e.g., violations of API best practices).", acknowledgement = ack-nhfb, articleno = "7", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Huang:2013:SPA, author = "Jeff Huang and Jinguo Zhou and Charles Zhang", title = "Scaling predictive analysis of concurrent programs by removing trace redundancy", journal = j-TOSEM, volume = "22", number = "1", pages = "8:1--8:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430542", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Predictive trace analysis (PTA) of concurrent programs is powerful in finding concurrency bugs unseen in past program executions. Unfortunately, existing PTA solutions face considerable challenges in scaling to large traces. In this article, we identify that a large percentage of events in the trace are redundant for presenting useful analysis results to the end user. Removing them from the trace can significantly improve the scalability of PTA without affecting the quality of the results. We present a trace redundancy theorem that specifies a redundancy criterion and the soundness guarantee that the PTA results are preserved after removing the redundancy. Based on this criterion, we design and implement TraceFilter, an efficient algorithm that automatically removes redundant events from a trace for the PTA of general concurrency access anomalies. We evaluated TraceFilter on a set of popular concurrent benchmarks as well as real world large server programs. Our experimental results show that TraceFilter is able to significantly improve the scalability of PTA by orders of magnitude, without impairing the analysis result.", acknowledgement = ack-nhfb, articleno = "8", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Dippolito:2013:SNE, author = "Nicol{\'a}s D'ippolito and Victor Braberman and Nir Piterman and Sebasti{\'a}n Uchitel", title = "Synthesizing nonanomalous event-based controllers for liveness goals", journal = j-TOSEM, volume = "22", number = "1", pages = "9:1--9:??", month = feb, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430536.2430543", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Mar 2 09:22:48 MST 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We present SGR(1), a novel synthesis technique and methodological guidelines for automatically constructing event-based behavior models. Our approach works for an expressive subset of liveness properties, distinguishes between controlled and monitored actions, and differentiates system goals from environment assumptions. We show that assumptions must be modeled carefully in order to avoid synthesizing anomalous behavior models. We characterize nonanomalous models and propose assumption compatibility, a sufficient condition, as a methodological guideline.", acknowledgement = ack-nhfb, articleno = "9", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Zhang:2013:CDC, author = "Wei Zhang and Chong Sun and Junghee Lim and Shan Lu and Thomas Reps", title = "{ConMem}: Detecting Crash-Triggering Concurrency Bugs through an Effect-Oriented Approach", journal = j-TOSEM, volume = "22", number = "2", pages = "10:1--10:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430546", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Multicore technology is making concurrent programs increasingly pervasive. Unfortunately, it is difficult to deliver reliable concurrent programs, because of the huge and nondeterministic interleaving space. In reality, without the resources to thoroughly check the interleaving space, critical concurrency bugs can slip into production versions and cause failures in the field. Approaches to making the best use of the limited resources and exposing severe concurrency bugs before software release would be desirable. Unlike previous work that focuses on bugs caused by specific interleavings (e.g., races and atomicity violations), this article targets concurrency bugs that result in one type of severe effect: program crashes. Our study of the error-propagation process of real-world concurrency bugs reveals a common pattern (50\% in our nondeadlock concurrency bug set) that is highly correlated with program crashes. We call this pattern concurrency-memory bugs: buggy interleavings directly cause memory bugs (NULL-pointer-dereferences, dangling-pointers, buffer-overflows, uninitialized-reads) on shared memory objects. Guided by this study, we built ConMem to monitor program execution, analyze memory accesses and synchronizations, and predictively detect these common and severe concurrency-memory bugs. We also built a validator,ConMem-v, to automatically prune false positives by enforcing potential bug-triggering interleavings. We evaluated ConMem using 7 open-source programs with 10 real-world concurrency bugs. ConMem detects more tested bugs (9 out of 10 bugs) than a lock-set-based race detector and an unserializable-interleaving detector, which detect 4 and 6 bugs, respectively, with a false-positive rate about one tenth of the compared tools. ConMem-v further prunes out all the false positives. ConMem has reasonable overhead suitable for development usage.", acknowledgement = ack-nhfb, articleno = "10", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Rosa:2013:BPM, author = "Marcello {La Rosa} and Marlon Dumas and Reina Uba and Remco Dijkman", title = "Business Process Model Merging: An Approach to Business Process Consolidation", journal = j-TOSEM, volume = "22", number = "2", pages = "11:1--11:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430547", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "This article addresses the problem of constructing consolidated business process models out of collections of process models that share common fragments. The article considers the construction of unions of multiple models (called merged models ) as well as intersections (called digests ). Merged models are intended for analysts who wish to create a model that subsumes a collection of process models --- typically representing variants of the same underlying process --- with the aim of replacing the variants with the merged model. Digests, on the other hand, are intended for analysts who wish to identify the most recurring fragments across a collection of process models, so that they can focus their efforts on optimizing these fragments. The article presents an algorithm for computing merged models and an algorithm for extracting digests from a merged model. The merging and digest extraction algorithms have been implemented and tested against collections of process models taken from multiple application domains. The tests show that the merging algorithm produces compact models and scales up to process models containing hundreds of nodes. Furthermore, a case study conducted in a large insurance company has demonstrated the usefulness of the merging and digest extraction operators in a practical setting.", acknowledgement = ack-nhfb, articleno = "11", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Zheng:2013:PRP, author = "Zibin Zheng and Michael R. Lyu", title = "Personalized Reliability Prediction of {Web} Services", journal = j-TOSEM, volume = "22", number = "2", pages = "12:1--12:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430548", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Service Oriented Architecture (SOA) is a business-centric IT architectural approach for building distributed systems. Reliability of service-oriented systems heavily depends on the remote Web services as well as the unpredictable Internet connections. Designing efficient and effective reliability prediction approaches of Web services has become an important research issue. In this article, we propose two personalized reliability prediction approaches of Web services, that is, neighborhood-based approach and model-based approach. The neighborhood-based approach employs past failure data of similar neighbors (either service users or Web services) to predict the Web service reliability. On the other hand, the model-based approach fits a factor model based on the available Web service failure data and use this factor model to make further reliability prediction. Extensive experiments are conducted with our real-world Web service datasets, which include about 23 millions invocation results on more than 3,000 real-world Web services. The experimental results show that our proposed reliability prediction approaches obtain better reliability prediction accuracy than other competing approaches.", acknowledgement = ack-nhfb, articleno = "12", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Walkinshaw:2013:ACS, author = "Neil Walkinshaw and Kirill Bogdanov", title = "Automated Comparison of State-Based Software Models in Terms of Their Language and Structure", journal = j-TOSEM, volume = "22", number = "2", pages = "13:1--13:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430549", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "State machines capture the sequential behavior of software systems. Their intuitive visual notation, along with a range of powerful verification and testing techniques render them an important part of the model-driven software engineering process. There are several situations that require the ability to identify and quantify the differences between two state machines (e.g. to evaluate the accuracy of state machine inference techniques is measured by the similarity of a reverse-engineered model to its reference model). State machines can be compared from two complementary perspectives: (1) In terms of their language --- the externally observable sequences of events that are permitted or not, and (2) in terms of their structure --- the actual states and transitions that govern the behavior. This article describes two techniques to compare models in terms of these two perspectives. It shows how the difference can be quantified and measured by adapting existing binary classification performance measures for the purpose. The approaches have been implemented by the authors, and the implementation is openly available. Feasibility is demonstrated via a case study to compare two real state machine inference approaches. Scalability and accuracy are assessed experimentally with respect to a large collection of randomly synthesized models.", acknowledgement = ack-nhfb, articleno = "13", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Fleming:2013:IFT, author = "Scott D. Fleming and Chris Scaffidi and David Piorkowski and Margaret Burnett and Rachel Bellamy and Joseph Lawrance and Irwin Kwan", title = "An Information Foraging Theory Perspective on Tools for Debugging, Refactoring, and Reuse Tasks", journal = j-TOSEM, volume = "22", number = "2", pages = "14:1--14:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430551", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Theories of human behavior are an important but largely untapped resource for software engineering research. They facilitate understanding of human developers' needs and activities, and thus can serve as a valuable resource to researchers designing software engineering tools. Furthermore, theories abstract beyond specific methods and tools to fundamental principles that can be applied to new situations. Toward filling this gap, we investigate the applicability and utility of Information Foraging Theory (IFT) for understanding information-intensive software engineering tasks, drawing upon literature in three areas: debugging, refactoring, and reuse. In particular, we focus on software engineering tools that aim to support information-intensive activities, that is, activities in which developers spend time seeking information. Regarding applicability, we consider whether and how the mathematical equations within IFT can be used to explain why certain existing tools have proven empirically successful at helping software engineers. Regarding utility, we applied an IFT perspective to identify recurring design patterns in these successful tools, and consider what opportunities for future research are revealed by our IFT perspective.", acknowledgement = ack-nhfb, articleno = "14", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Chaki:2013:VAI, author = "Sagar Chaki and Christian Schallhart and Helmut Veith", title = "Verification across Intellectual Property Boundaries", journal = j-TOSEM, volume = "22", number = "2", pages = "15:1--15:??", month = mar, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2430545.2430550", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Mar 27 05:43:25 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In many industries, the importance of software components provided by third-party suppliers is steadily increasing. As the suppliers seek to secure their intellectual property (IP) rights, the customer usually has no direct access to the suppliers' source code, and is able to enforce the use of verification tools only by legal requirements. In turn, the supplier has no means to convince the customer about successful verification without revealing the source code. This article presents an approach to resolve the conflict between the IP interests of the supplier and the quality interests of the customer. We introduce a protocol in which a dedicated server (called the amanat'') is controlled by both parties: the customer controls the verification task performed by the amanat, while the supplier controls the communication channels of the amanat to ensure that the amanat does not leak information about the source code. We argue that the protocol is both practically useful and mathematically sound. As the protocol is based on well-known (and relatively lightweight) cryptographic primitives, it allows a straightforward implementation on top of existing verification tool chains. To substantiate our security claims, we establish the correctness of the protocol by cryptographic reduction proofs.", acknowledgement = ack-nhfb, articleno = "15", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Rosenblum:2013:MDN, author = "David S. Rosenblum", title = "In memoriam: {David Notkin} (1955--2013)", journal = j-TOSEM, volume = "22", number = "3", pages = "16:1--16:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491510", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "16", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Xu:2013:PML, author = "Guoqing Xu and Atanas Rountev", title = "Precise memory leak detection for {Java} software using container profiling", journal = j-TOSEM, volume = "22", number = "3", pages = "17:1--17:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491511", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/java2010.bib; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A memory leak in a Java program occurs when object references that are no longer needed are unnecessarily maintained. Such leaks are difficult to detect because static analysis typically cannot precisely identify these redundant references, and existing dynamic leak detection tools track and report fine-grained information about individual objects, producing results that are usually hard to interpret and lack precision. In this article we introduce a novel container-based heap-tracking technique, based on the fact that many memory leaks in Java programs occur due to incorrect uses of containers, leading to containers that keep references to unused data entries. The novelty of the described work is twofold: (1) instead of tracking arbitrary objects and finding leaks by analyzing references to unused objects, the technique tracks only containers and directly identifies the source of the leak, and (2) the technique computes a confidence value for each container based on a combination of its memory consumption and its elements' staleness (time since last retrieval), while previous approaches do not consider such combined metrics. Our experimental results show that the reports generated by the proposed technique can be very precise: for two bugs reported by Sun, a known bug in SPECjbb 2000, and an example bug from IBM developerWorks, the top containers in the reports include the containers that leak memory.", acknowledgement = ack-nhfb, articleno = "17", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Le:2013:MDF, author = "Wei Le and Mary Lou Soffa", title = "{Marple}: {Detecting} faults in path segments using automatically generated analyses", journal = j-TOSEM, volume = "22", number = "3", pages = "18:1--18:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491512", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Generally, a fault is a property violation at a program point along some execution path. To obtain the path where a fault occurs, we can either run the program or manually identify the execution paths through code inspection. In both of the cases, only a very limited number of execution paths can be examined for a program. This article presents a static framework, Marple, that automatically detects path segments where a fault occurs at a whole program scale. An important contribution of the work is the design of a demand-driven analysis that effectively addresses scalability challenges faced by traditional path-sensitive fault detection. The techniques are made general via a specification language and an algorithm that automatically generates path-based analyses from specifications. The generality is achieved in handling both data- and control-centric faults as well as both liveness and safety properties, enabling the exploitation of fault interactions for diagnosis and efficiency. Our experimental results demonstrate the effectiveness of our techniques in detecting path segments of buffer overflows, integer violations, null-pointer dereferences, and memory leaks. Because we applied an interprocedural, path-sensitive analysis, our static fault detectors generally report better precision than the tools available for comparison. Our demand-driven analyses are shown scalable to deployed applications such as apache, putty, and ffmpeg.", acknowledgement = ack-nhfb, articleno = "18", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Yoo:2013:FLP, author = "Shin Yoo and Mark Harman and David Clark", title = "Fault localization prioritization: Comparing information-theoretic and coverage-based approaches", journal = j-TOSEM, volume = "22", number = "3", pages = "19:1--19:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491513", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Test case prioritization techniques seek to maximize early fault detection. Fault localization seeks to use test cases already executed to help find the fault location. There is a natural interplay between the two techniques; once a fault is detected, we often switch focus to fault fixing, for which localization may be a first step. In this article we introduce the Fault Localization Prioritization (FLP) problem, which combines prioritization and localization. We evaluate three techniques: a novel FLP technique based on information theory, FLINT (Fault Localization using INformation Theory), that we introduce in this article, a standard Test Case Prioritization (TCP) technique, and a test similarity technique'' used in previous work. Our evaluation uses five different releases of four software systems. The results indicate that FLP and TCP can statistically significantly reduce fault localization costs for 73\% and 76\% of cases, respectively, and that FLINT significantly outperforms similarity-based localization techniques in 52\% of the cases considered in the study.", acknowledgement = ack-nhfb, articleno = "19", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Pradella:2013:BSC, author = "Matteo Pradella and Angelo Morzenti and Pierluigi {San Pietro}", title = "Bounded satisfiability checking of metric temporal logic specifications", journal = j-TOSEM, volume = "22", number = "3", pages = "20:1--20:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491514", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We introduce bounded satisfiability checking, a verification technique that extends bounded model checking by allowing also the analysis of a descriptive model, consisting of temporal logic formulae, instead of the more customary operational model, consisting of a state transition system. We define techniques for encoding temporal logic formulae into Boolean logic that support the use of bi-infinite time domain and of metric time operators. In the framework of bounded satisfiability checking, we show how a descriptive model can be refined into an operational one, and how the correctness of such a refinement can be verified for the bounded case, setting the stage for a stepwise system development method based on a bounded model refinement. Finally, we show how the adoption of a modular approach can make the bounded refinement process more manageable and efficient. All introduced concepts are extensively applied to a set of case studies, and thoroughly experimented through Zot, our SAT solver-based verification toolset.", acknowledgement = ack-nhfb, articleno = "20", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Falessi:2013:VDR, author = "Davide Falessi and Lionel C. Briand and Giovanni Cantone and Rafael Capilla and Philippe Kruchten", title = "The value of design rationale information", journal = j-TOSEM, volume = "22", number = "3", pages = "21:1--21:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491515", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A complete and detailed (full) Design Rationale Documentation (DRD) could support many software development activities, such as an impact analysis or a major redesign. However, this is typically too onerous for systematic industrial use as it is not cost effective to write, maintain, or read. The key idea investigated in this article is that DRD should be developed only to the extent required to support activities particularly difficult to execute or in need of significant improvement in a particular context. The aim of this article is to empirically investigate the customization of the DRD by documenting only the information items that will probably be required for executing an activity. This customization strategy relies on the hypothesis that the value of a specific DRD information item depends on its category (e.g., assumptions, related requirements, etc.) and on the activity it is meant to support. We investigate this hypothesis through two controlled experiments involving a total of 75 master students as experimental subjects. Results show that the value of a DRD information item significantly depends on its category and, within a given category, on the activity it supports. Furthermore, on average among activities, documenting only the information items that have been required at least half of the time (i.e., the information that will probably be required in the future) leads to a customized DRD containing about half the information items of a full documentation. We expect that such a significant reduction in DRD information should mitigate the effects of some inhibitors that currently prevent practitioners from documenting design decision rationale.", acknowledgement = ack-nhfb, articleno = "21", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Hoffman:2013:TOM, author = "Kevin Hoffman and Patrick Eugster", title = "Trading obliviousness for modularity with cooperative aspect-oriented programming", journal = j-TOSEM, volume = "22", number = "3", pages = "22:1--22:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491516", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The potential of aspect-oriented programming to adequately capture crosscutting concerns has yet to be fully realized. For example, authors have detailed significant challenges in creating reusable aspect component libraries. One proposed solution is to introduce Explicit Join Points (EJPs) to increase modularity by reducing obliviousness, enabling a Cooperative Aspect-Oriented Programming (Co-AOP) methodology where base code and aspects synergistically collaborate. This article explores the trade-offs between obliviousness and modularity. We briefly introduce EJPs and Co-AOP, and hypothesize how to balance obliviousness and modularity using Co-AOP. We build upon a prior empirical study to refactor three real-life Java applications to implement the exception handling concern using three distinct strategies: (1) using fully oblivious aspects in AspectJ, (2) using EJPs in a fully explicit fashion, and (3) using EJPs while following the Co-AOP methodology. We study other crosscutting concerns by refactoring a fourth application, JHotDraw. The differences in terms of common code metrics are analyzed, and the impact on modularity is assessed using design structure matrices. Results indicate that the Co-AOP methodology can in many cases significantly improve code quality attributes versus fully oblivious or fully explicit approaches. We conclude with guiding principles on the proper use of EJPs within the Co-AOP methodology.", acknowledgement = ack-nhfb, articleno = "22", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Zhu:2013:ADP, author = "Hong Zhu and Ian Bayley", title = "An algebra of design patterns", journal = j-TOSEM, volume = "22", number = "3", pages = "23:1--23:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491517", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In a pattern-oriented software design process, design decisions are made by selecting and instantiating appropriate patterns, and composing them together. In our previous work, we enabled these decisions to be formalized by defining a set of operators on patterns with which instantiations and compositions can be represented. In this article, we investigate the algebraic properties of these operators. We provide and prove a complete set of algebraic laws so that equivalence between pattern expressions can be proven. Furthermore, we define an always-terminating normalization of pattern expression to a canonical form which is unique modulo equivalence in first-order logic. By a case study, the pattern-oriented design of an extensible request-handling framework, we demonstrate two practical applications of the algebraic framework. First, we can prove the correctness of a finished design with respect to the design decisions made and the formal specification of the patterns. Second, we can even derive the design from these components.", acknowledgement = ack-nhfb, articleno = "23", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Balaban:2013:FSU, author = "Mira Balaban and Azzam Maraee", title = "Finite satisfiability of {UML} class diagrams with constrained class hierarchy", journal = j-TOSEM, volume = "22", number = "3", pages = "24:1--24:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491518", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Models lie at the heart of the emerging model-driven engineering approach. In order to guarantee precise, consistent, and correct models, there is a need for efficient powerful methods for verifying model correctness. Class diagram is the central language within UML. Its correctness problems involve issues of contradiction, namely the consistency problem, and issues of finite instantiation, namely the finite satisfiability problem. This article analyzes the problem of finite satisfiability of class diagrams with class hierarchy constraints and generalization-set constraints. The article introduces the FiniteSat algorithm for efficient detection of finite satisfiability in such class diagrams, and analyzes its limitations in terms of complex hierarchy structures. FiniteSat is strengthened in two directions. First, an algorithm for identification of the cause for a finite satisfiability problem is introduced. Second, a method for propagation of generalization-set constraints in a class diagram is introduced. The propagation method serves as a preprocessing step that improves FiniteSat performance, and helps developers in clarifying intended constraints. These algorithms are implemented in the FiniteSatUSE tool [BGU Modeling Group 2011b], as part of our ongoing effort for constructing a model-level integrated development environment [BGU Modeling Group 2010a].", acknowledgement = ack-nhfb, articleno = "24", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{DeCaso:2013:EBP, author = "Guido {De Caso} and Victor Braberman and Diego Garbervetsky and Sebastian Uchitel", title = "Enabledness-based program abstractions for behavior validation", journal = j-TOSEM, volume = "22", number = "3", pages = "25:1--25:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491519", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Code artifacts that have nontrivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. This work addresses the problem of validating if API implementations provide their intended behavior when descriptions of this behavior are informal, partial, or nonexistent. The proposed approach addresses this problem by generating abstract behavior models which resemble typestates. These models are statically computed and encode all admissible sequences of method calls. The level of abstraction at which such models are constructed has shown to be useful for validating code artifacts and identifying findings which led to the discovery of bugs, adjustment of the requirements expected by the engineer to the requirements implicit in the code, and the improvement of available documentation.", acknowledgement = ack-nhfb, articleno = "25", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Marin:2013:UFS, author = "Beatriz Mar{\'\i}n and Giovanni Giachetti and Oscar Pastor and Tanja E. J. Vos and Alain Abran", title = "Using a functional size measurement procedure to evaluate the quality of models in {MDD} environments", journal = j-TOSEM, volume = "22", number = "3", pages = "26:1--26:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491520", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Models are key artifacts in Model-Driven Development (MDD) methods. To produce high-quality software by using MDD methods, quality assurance of models is of paramount importance. To evaluate the quality of models, defect detection is considered a suitable approach and is usually applied using reading techniques. However, these reading techniques have limitations and constraints, and new techniques are required to improve the efficiency at finding as many defects as possible. This article presents a case study that has been carried out to evaluate the use of a Functional Size Measurement (FSM) procedure in the detection of defects in models of an MDD environment. To do this, we compare the defects and the defect types found by an inspection group with the defects and the defect types found by the FSM procedure. The results indicate that the FSM is useful since it finds all the defects related to a specific defect type, it finds different defect types than an inspection group, and it finds defects related to the correctness and the consistency of the models.", acknowledgement = ack-nhfb, articleno = "26", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Sinnig:2013:UCT, author = "Daniel Sinnig and Patrice Chalin and Ferhat Khendek", title = "Use case and task models: an integrated development methodology and its formal foundation", journal = j-TOSEM, volume = "22", number = "3", pages = "27:1--27:??", month = jul, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491509.2491521", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Jul 27 08:26:00 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "User Interface (UI) development methods are poorly integrated with standard software engineering practice. The differences in terms of artifacts involved, development philosophies, and lifecycles can often result in inconsistent system and UI specifications leading to duplication of effort and increased maintenance costs. To address such shortcomings, we propose an integrated development methodology for use case and task models. Use cases are generally used to capture functional requirements whereas task models specify the detailed user interactions with the UI. Our methodology can assist practitioners in developing software processes which allow these two kinds of artifacts to be developed in a codependent and integrated manner. We present our methodology, describe its semantic foundations along with a set of formal conformance relations, and introduce an automated verification tool.", acknowledgement = ack-nhfb, articleno = "27", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Denaro:2013:TAA, author = "Giovanni Denaro and Mauro Pezz{\e} and Davide Tosi", title = "Test-and-adapt: an approach for improving service interchangeability", journal = j-TOSEM, volume = "22", number = "4", pages = "28:1--28:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522921", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Service-oriented applications do not fully benefit from standard APIs yet, and many applications fail to use interchangeably all the services that implement a standard service API. This article presents an approach to develop adaptation strategies that improve service interchangeability for service-oriented applications based on standard APIs. In our approach, an adaptation strategy consists of sets of parametric adaptation plans (called test-and-adapt plans), which execute test cases to reveal the occurrence of interchangeability problems, and activate runtime adaptors according to the test results. Throughout this article, we formalize the structure of the parametric test-and-adapt plans and of their execution semantics, present an algorithm for identifying correct execution orders through sets of test-and-adapt plans, provide empirical evidence of the occurrence of interchangeability problems for sample applications and services, and discuss the effectiveness of the approach in terms of avoided failures, runtime overheads and development costs.", acknowledgement = ack-nhfb, articleno = "28", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Martignoni:2013:MTC, author = "Lorenzo Martignoni and Roberto Paleari and Alessandro Reina and Giampaolo Fresi Roglia and Danilo Bruschi", title = "A methodology for testing {CPU} emulators", journal = j-TOSEM, volume = "22", number = "4", pages = "29:1--29:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522922", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A CPU emulator is a software system that simulates a hardware CPU. Emulators are widely used by computer scientists for various kind of activities (e.g., debugging, profiling, and malware analysis). Although no theoretical limitation prevents developing an emulator that faithfully emulates a physical CPU, writing a fully featured emulator is a very challenging and error prone task. Modern CISC architectures have a very rich instruction set, some instructions lack proper specifications, and others may have undefined effects in corner cases. This article presents a testing methodology specific for CPU emulators, based on fuzzing. The emulator is stressed'' with specially crafted test cases, to verify whether the CPU is properly emulated or not. Improper behaviors of the emulator are detected by running the same test case concurrently on the emulated and on the physical CPUs and by comparing the state of the two after the execution. Differences in the final state testify defects in the code of the emulator. We implemented this methodology in a prototype (named as EmuFuzzer), analyzed five state-of-the-art IA-32 emulators (QEMU, Valgrind, Pin, BOCHS, and JPC), and found several defects in each of them, some of which can prevent proper execution of programs.", acknowledgement = ack-nhfb, articleno = "29", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Chang:2013:EHH, author = "Herv{\'e} Chang and Leonardo Mariani and Mauro Pezz{\e}", title = "Exception handlers for healing component-based systems", journal = j-TOSEM, volume = "22", number = "4", pages = "30:1--30:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522923", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "To design effective exception handlers, developers must predict at design time the exceptional events that may occur at runtime, and must implement the corresponding handlers on the basis of their predictions. Designing exception handlers for component-based software systems is particularly difficult because the information required to build handlers is distributed between component and application developers. Component developers know the internal details of the components but ignore the applications, while application developers own the applications but cannot access the details required to implement handlers in components. This article addresses the problem of automatically healing the infield failures that are caused by faulty integration of OTS components. In the article, we propose a technique and a methodology to decouple the tasks of component and application developers, who will be able to share information asynchronously and independently, and communicate implicitly by developing and deploying what we call healing connectors. Component developers implement healing connectors on the basis of information about the integration problems frequently experienced by application developers. Application developers easily and safely install healing connectors in their applications without knowing the internal details of the connectors. Healing connectors heal failures activated by exceptions raised in the OTS components actually deployed in the system. The article defines healing connectors, introduces a methodology to develop and deploy healing connectors, and presents several case studies that indicate that healing connectors are effective, reusable and efficient.", acknowledgement = ack-nhfb, articleno = "30", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Xie:2013:TAR, author = "Xiaoyuan Xie and Tsong Yueh Chen and Fei-Ching Kuo and Baowen Xu", title = "A theoretical analysis of the risk evaluation formulas for spectrum-based fault localization", journal = j-TOSEM, volume = "22", number = "4", pages = "31:1--31:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522924", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "An important research area of Spectrum-Based Fault Localization (SBFL) is the effectiveness of risk evaluation formulas. Most previous studies have adopted an empirical approach, which can hardly be considered as sufficiently comprehensive because of the huge number of combinations of various factors in SBFL. Though some studies aimed at overcoming the limitations of the empirical approach, none of them has provided a completely satisfactory solution. Therefore, we provide a theoretical investigation on the effectiveness of risk evaluation formulas. We define two types of relations between formulas, namely, equivalent and better. To identify the relations between formulas, we develop an innovative framework for the theoretical investigation. Our framework is based on the concept that the determinant for the effectiveness of a formula is the number of statements with risk values higher than the risk value of the faulty statement. We group all program statements into three disjoint sets with risk values higher than, equal to, and lower than the risk value of the faulty statement, respectively. For different formulas, the sizes of their sets are compared using the notion of subset. We use this framework to identify the maximal formulas which should be the only formulas to be used in SBFL.", acknowledgement = ack-nhfb, articleno = "31", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Qi:2013:PEB, author = "Dawei Qi and Hoang D. T. Nguyen and Abhik Roychoudhury", title = "Path exploration based on symbolic output", journal = j-TOSEM, volume = "22", number = "4", pages = "32:1--32:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522925", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Efficient program path exploration is important for many software engineering activities such as testing, debugging, and verification. However, enumerating all paths of a program is prohibitively expensive. In this article, we develop a partitioning of program paths based on the program output. Two program paths are placed in the same partition if they derive the output similarly, that is, the symbolic expression connecting the output with the inputs is the same in both paths. Our grouping of paths is gradually created by a smart path exploration. Our experiments show the benefits of the proposed path exploration in test-suite construction. Our path partitioning produces a semantic signature of a program-describing all the different symbolic expressions that the output can assume along different program paths. To reason about changes between program versions, we can therefore analyze their semantic signatures. In particular, we demonstrate the applications of our path partitioning in testing and debugging of software regressions.", acknowledgement = ack-nhfb, articleno = "32", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Tateishi:2013:PIS, author = "Takaaki Tateishi and Marco Pistoia and Omer Tripp", title = "Path- and index-sensitive string analysis based on monadic second-order logic", journal = j-TOSEM, volume = "22", number = "4", pages = "33:1--33:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522926", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/string-matching.bib; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We propose a novel technique for statically verifying the strings generated by a program. The verification is conducted by encoding the program in Monadic Second-order Logic (M2L). We use M2L to describe constraints among program variables and to abstract built-in string operations. Once we encode a program in M2L, a theorem prover for M2L, such as MONA, can automatically check if a string generated by the program satisfies a given specification, and if not, exhibit a counterexample. With this approach, we can naturally encode relationships among strings, accounting also for cases in which a program manipulates strings using indices. In addition, our string analysis is path sensitive in that it accounts for the effects of string and Boolean comparisons, as well as regular-expression matches. We have implemented our string analysis algorithm, and used it to augment an industrial security analysis for Web applications by automatically detecting and verifying sanitizers --- methods that eliminate malicious patterns from untrusted strings, making these strings safe to use in security-sensitive operations. On the 8 benchmarks we analyzed, our string analyzer discovered 128 previously unknown sanitizers, compared to 71 sanitizers detected by a previously presented string analysis.", acknowledgement = ack-nhfb, articleno = "33", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Vouillon:2013:SCC, author = "J{\'e}r{\^o}me Vouillon and Roberto {Di Cosmo}", title = "On software component co-installability", journal = j-TOSEM, volume = "22", number = "4", pages = "34:1--34:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522927", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Modern software systems are built by composing components drawn from large repositories, whose size and complexity is increasing at a very fast pace. A fundamental challenge for the maintainability and the scalability of such software systems is the ability to quickly identify the components that can or cannot be installed together: this is the co-installability problem, which is related to boolean satisfiability and is known to be algorithmically hard. This article develops a novel theoretical framework, based on formally certified semantic preserving graph-theoretic transformations, that allows us to associate to each concrete component repository a much smaller one with a simpler structure, that we call strongly flat, with equivalent co-installability properties. This flat repository can be displayed in a way that provides a concise view of the co-installability issues in the original repository, or used as a basis for various algorithms related to co-installability, like the efficient computation of strong conflicts between components. The proofs contained in this work have been machine checked using the Coq proof assistant.", acknowledgement = ack-nhfb, articleno = "34", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Minku:2013:SEE, author = "Leandro L. Minku and Xin Yao", title = "Software effort estimation as a multiobjective learning problem", journal = j-TOSEM, volume = "22", number = "4", pages = "35:1--35:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522928", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Ensembles of learning machines are promising for software effort estimation (SEE), but need to be tailored for this task to have their potential exploited. A key issue when creating ensembles is to produce diverse and accurate base models. Depending on how differently different performance measures behave for SEE, they could be used as a natural way of creating SEE ensembles. We propose to view SEE model creation as a multiobjective learning problem. A multiobjective evolutionary algorithm (MOEA) is used to better understand the tradeoff among different performance measures by creating SEE models through the simultaneous optimisation of these measures. We show that the performance measures behave very differently, presenting sometimes even opposite trends. They are then used as a source of diversity for creating SEE ensembles. A good tradeoff among different measures can be obtained by using an ensemble of MOEA solutions. This ensemble performs similarly or better than a model that does not consider these measures explicitly. Besides, MOEA is also flexible, allowing emphasis of a particular measure if desired. In conclusion, MOEA can be used to better understand the relationship among performance measures and has shown to be very effective in creating SEE models.", acknowledgement = ack-nhfb, articleno = "35", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Lizcano:2013:WCA, author = "David Lizcano and Fernando Alonso and Javier Soriano and Genoveva Lopez", title = "A web-centred approach to end-user software engineering", journal = j-TOSEM, volume = "22", number = "4", pages = "36:1--36:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522929", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "This article addresses one of the major end-user software engineering (EUSE) challenges, namely, how to motivate end users to apply unfamiliar software engineering techniques and activities to achieve their goal: translate requirements into software that meets their needs. EUSE activities are secondary to the goal that the program is helping to achieve and end-user programming is opportunistic. The challenge is then to find ways to incorporate EUSE activities into the existing workflow without users having to make substantial changes to the type of work they do or their priorities. In this article, we set out an approach to EUSE for web-based applications. We also propose a software lifecycle that is consistent with the conditions and priorities of end users without programming skills and is well-aligned with EUSE's characteristic informality, ambiguity and opportunisticness. Users applying this lifecycle manage to find solutions that they would otherwise be unable to identify. They also develop quality products. Users of this approach will not have to be acquainted with software engineering, as a framework will take them through the web-centred EUSE lifecycle step-by-step. We also report a statistical experiment in which users develop web software with and without a framework to guide them through the lifecycle. Its aim is to validate the applicability of our framework-driven lifecycle.", acknowledgement = ack-nhfb, articleno = "36", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Mcmillan:2013:PSR, author = "Collin Mcmillan and Denys Poshyvanyk and Mark Grechanik and Qing Xie and Chen Fu", title = "{Portfolio}: Searching for relevant functions and their usages in millions of lines of code", journal = j-TOSEM, volume = "22", number = "4", pages = "37:1--37:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522930", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/pagerank.bib; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Different studies show that programmers are more interested in finding definitions of functions and their uses than variables, statements, or ordinary code fragments. Therefore, developers require support in finding relevant functions and determining how these functions are used. Unfortunately, existing code search engines do not provide enough of this support to developers, thus reducing the effectiveness of code reuse. We provide this support to programmers in a code search system called Portfolio that retrieves and visualizes relevant functions and their usages. We have built Portfolio using a combination of models that address surfing behavior of programmers and sharing related concepts among functions. We conducted two experiments: first, an experiment with 49 C/C++ programmers to compare Portfolio to Google Code Search and Koders using a standard methodology for evaluating information-retrieval-based engines; and second, an experiment with 19 Java programmers to compare Portfolio to Koders. The results show with strong statistical significance that users find more relevant functions with higher precision with Portfolio than with Google Code Search and Koders. We also show that by using PageRank, Portfolio is able to rank returned relevant functions more efficiently.", acknowledgement = ack-nhfb, articleno = "37", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", keywords = "PageRank algorithm", } @Article{Wursch:2013:EQF, author = "Michael W{\"u}rsch and Emanuel Giger and Harald C. Gall", title = "Evaluating a query framework for software evolution data", journal = j-TOSEM, volume = "22", number = "4", pages = "38:1--38:??", month = oct, year = "2013", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2522920.2522931", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Oct 30 12:18:03 MDT 2013", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "With the steady advances in tooling to support software engineering, mastering all the features of modern IDEs, version control systems, and project trackers is becoming increasingly difficult. Answering even the most common developer questions can be surprisingly tedious and difficult. In this article we present a user study with 35 subjects to evaluate our quasi-natural language interface that provides access to various facets of the evolution of a software system but requires almost zero learning effort. Our approach is tightly woven into the Eclipse IDE and allows developers to answer questions related to source code, development history, or bug and issue management. The results of our evaluation show that our query interface can outperform classical software engineering tools in terms of correctness, while yielding significant time savings to its users and greatly advancing the state of the art in terms of usability and learnability.", acknowledgement = ack-nhfb, articleno = "38", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Rosenblum:2014:Ea, author = "David S. Rosenblum", title = "Editorial", journal = j-TOSEM, volume = "23", number = "1", pages = "1:1--1:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559939", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "1", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Haesevoets:2014:ACS, author = "Robrecht Haesevoets and Danny Weyns and Tom Holvoet", title = "Architecture-centric support for adaptive service collaborations", journal = j-TOSEM, volume = "23", number = "1", pages = "2:1--2:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559937", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In today's volatile business environments, collaboration between information systems, both within and across company borders, has become essential to success. An efficient supply chain, for example, requires the collaboration of distributed and heterogeneous systems of multiple companies. Developing such collaborative applications and building the supporting information systems poses several engineering challenges. A key challenge is to manage the ever-growing design complexity. In this article, we argue that software architecture should play a more prominent role in the development of collaborative applications. This can help to better manage design complexity by modularizing collaborations and separating concerns. State-of-the-art solutions, however, often lack proper abstractions for modeling collaborations at architectural level or do not reify these abstractions at detailed design and implementation level. Developers, on the other hand, rely on middleware, business process management, and Web services, techniques that mainly focus on low-level infrastructure. To address the problem of managing the design complexity of collaborative applications, we present Macodo. Macodo consists of three complementary parts: (1) a set of abstractions for modeling adaptive collaborations, (2) a set of architectural views, the main contribution of this article, that reify these abstractions at architectural level, and (3) a proof-of-concept middleware infrastructure that supports the architectural abstractions at design and implementation level. We evaluate the architectural views in a controlled experiment. Results show that the use of Macodo can reduce fault density and design complexity, and improve reuse and productivity. The main contributions of this article are illustrated in a supply chain management case.", acknowledgement = ack-nhfb, articleno = "2", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Tappenden:2014:ACC, author = "Andrew F. Tappenden and James Miller", title = "Automated cookie collection testing", journal = j-TOSEM, volume = "23", number = "1", pages = "3:1--3:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559936", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Cookies are used by over 80\% of Web applications utilizing dynamic Web application frameworks. Applications deploying cookies must be rigorously verified to ensure that the application is robust and secure. Given the intense time-to-market pressures faced by modern Web applications, testing strategies that are low cost and automatable are required. Automated Cookie Collection Testing (CCT) is presented, and is empirically demonstrated to be a low-cost and highly effective automated testing solution for modern Web applications. Automatable test oracles and evaluation metrics specifically designed for Web applications are presented, and are shown to be significant diagnostic tests. Automated CCT is shown to detect faults within five real-world Web applications. A case study of over 580 test results for a single application is presented demonstrating that automated CCT is an effective testing strategy. Moreover, CCT is found to detect security bugs in a Web application released into full production.", acknowledgement = ack-nhfb, articleno = "3", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Bavota:2014:ISM, author = "Gabriele Bavota and Malcom Gethers and Rocco Oliveto and Denys Poshyvanyk and Andrea de Lucia", title = "Improving software modularization via automated analysis of latent topics and dependencies", journal = j-TOSEM, volume = "23", number = "1", pages = "4:1--4:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559935", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Oftentimes, during software maintenance the original program modularization decays, thus reducing its quality. One of the main reasons for such architectural erosion is suboptimal placement of source-code classes in software packages. To alleviate this issue, we propose an automated approach to help developers improve the quality of software modularization. Our approach analyzes underlying latent topics in source code as well as structural dependencies to recommend (and explain) refactoring operations aiming at moving a class to a more suitable package. The topics are acquired via Relational Topic Models (RTM), a probabilistic topic modeling technique. The resulting tool, coined as R 3 (Rational Refactoring via RTM), has been evaluated in two empirical studies. The results of the first study conducted on nine software systems indicate that R 3 provides a coupling reduction from 10\% to 30\% among the software modules. The second study with 62 developers confirms that R 3 is able to provide meaningful recommendations (and explanations) for move class refactoring. Specifically, more than 70\% of the recommendations were considered meaningful from a functional point of view.", acknowledgement = ack-nhfb, articleno = "4", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Liu:2014:DWN, author = "Xiao Liu and Yun Yang and Dong Yuan and Jinjun Chen", title = "Do we need to handle every temporal violation in scientific workflow systems?", journal = j-TOSEM, volume = "23", number = "1", pages = "5:1--5:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559938", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Scientific processes are usually time constrained with overall deadlines and local milestones. In scientific workflow systems, due to the dynamic nature of the underlying computing infrastructures such as grid and cloud, execution delays often take place and result in a large number of temporal violations. Since temporal violation handling is expensive in terms of both monetary costs and time overheads, an essential question aroused is do we need to handle every temporal violation in scientific workflow systems?'' The answer would be true'' according to existing works on workflow temporal management which adopt the philosophy similar to the handling of functional exceptions, that is, every temporal violation should be handled whenever it is detected. However, based on our observation, the phenomenon of self-recovery where execution delays can be automatically compensated for by the saved execution time of subsequent workflow activities has been entirely overlooked. Therefore, considering the nonfunctional nature of temporal violations, our answer is not necessarily true.'' To take advantage of self-recovery, this article proposes a novel adaptive temporal violation handling point selection strategy where this phenomenon is effectively utilised to avoid unnecessary temporal violation handling. Based on simulations of both real-world scientific workflows and randomly generated test cases, the experimental results demonstrate that our strategy can significantly reduce the cost on temporal violation handling by over 96\% while maintaining extreme low violation rate under normal circumstances.", acknowledgement = ack-nhfb, articleno = "5", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Mari:2014:MBS, author = "Federico Mari and Igor Melatti and Ivano Salvo and Enrico Tronci", title = "Model-based synthesis of control software from system-level formal specifications", journal = j-TOSEM, volume = "23", number = "1", pages = "6:1--6:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559934", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many embedded systems are indeed software-based control systems, that is, control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on formal model-based design approaches for automatic synthesis of embedded systems control software. We present an algorithm, along with a tool QKS implementing it, that from a formal model (as a discrete-time linear hybrid system ) of the controlled system ( plant ), implementation specifications (that is, number of bits in the Analog-to-Digital, AD, conversion) and system-level formal specifications (that is, safety and liveness requirements for the closed loop system ) returns correct-by-construction control software that has a Worst-Case Execution Time (WCET) linear in the number of AD bits and meets the given specifications. We show feasibility of our approach by presenting experimental results on using it to synthesize control software for a buck DC-DC converter, a widely used mixed-mode analog circuit, and for the inverted pendulum.", acknowledgement = ack-nhfb, articleno = "6", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Bodden:2014:JPI, author = "Eric Bodden and {\'E}ric Tanter and Milton Inostroza", title = "Join point interfaces for safe and flexible decoupling of aspects", journal = j-TOSEM, volume = "23", number = "1", pages = "7:1--7:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559933", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "In current aspect-oriented systems, aspects usually carry, through their pointcuts, explicit references to the base code. Those references are fragile and hinder important software engineering properties such as modular reasoning and independent evolution of aspects and base code. In this work, we introduce a novel abstraction called Join Point Interface, which, by design, aids modular reasoning and independent evolution by decoupling aspects from base code and by providing a modular type-checking algorithm. Join point interfaces can be used both with implicit announcement through pointcuts, and with explicit announcement, using closure join points. Join point interfaces further offer polymorphic dispatch on join points, with an advice-dispatch semantics akin to multimethods. To support flexible join point matching, we incorporate into our language an earlier proposal for generic advice, and introduce a mechanism for controlled global quantification. We motivate each language feature in detail, showing that it is necessary to obtain a language design that is both type safe and flexible enough to support typical aspect-oriented programming idioms. We have implemented join point interfaces as an open-source extension to AspectJ. A case study on existing aspect-oriented programs supports our design, and in particular shows the necessity of both generic interfaces and some mechanism for global quantification.", acknowledgement = ack-nhfb, articleno = "7", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Masri:2014:PCC, author = "Wes Masri and Rawad Abou Assi", title = "Prevalence of coincidental correctness and mitigation of its impact on fault localization", journal = j-TOSEM, volume = "23", number = "1", pages = "8:1--8:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559932", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Researchers have argued that for failure to be observed the following three conditions must be met:C_R$= the defect was reached;$C_I$= the program has transitioned into an infectious state; and$C_P$= the infection has propagated to the output. Coincidental Correctness (CC) arises when the program produces the correct output while condition$C_R$is met but not$C_P$. We recognize two forms of coincidental correctness, weak and strong. In weak CC,$C_R$is met, whereas$C_I$might or might not be met, whereas in strong CC, both$C_R$and$C_Iare met. In this work we first show that CC is prevalent in both of its forms and demonstrate that it is a safety reducing factor for Coverage-Based Fault Localization (CBFL). We then propose two techniques for cleansing test suites from coincidental correctness to enhance CBFL, given that the test cases have already been classified as failing or passing. We evaluated the effectiveness of our techniques by empirically quantifying their accuracy in identifying weak CC tests. The results were promising, for example, the better performing technique, using 105 test suites and statement coverage, exhibited 9\% false negatives, 30\% false positives, and no false negatives nor false positives in 14.3\% of the test suites. Also using 73 test suites and more complex coverage, the numbers were 12\%, 19\%, and 15\%, respectively.", acknowledgement = ack-nhfb, articleno = "8", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Briand:2014:TSD, author = "Lionel Briand and Davide Falessi and Shiva Nejati and Mehrdad Sabetzadeh and Tao Yue", title = "Traceability and {SysML} design slices to support safety inspections: a controlled experiment", journal = j-TOSEM, volume = "23", number = "1", pages = "9:1--9:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2559978", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Certifying safety-critical software and ensuring its safety requires checking the conformance between safety requirements and design. Increasingly, the development of safety-critical software relies on modeling, and the System Modeling Language (SysML) is now commonly used in many industry sectors. Inspecting safety conformance by comparing design models against safety requirements requires safety inspectors to browse through large models and is consequently time consuming and error-prone. To address this, we have devised a mechanism to establish traceability between (functional) safety requirements and SysML design models to extract design slices (model fragments) that filter out irrelevant details but keep enough context information for the slices to be easy to inspect and understand. In this article, we report on a controlled experiment assessing the impact of the traceability and slicing mechanism on inspectors' conformance decisions and effort. Results show a significant decrease in effort and an increase in decisions' correctness and level of certainty.", acknowledgement = ack-nhfb, articleno = "9", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Zhou:2014:DSP, author = "Yuming Zhou and Baowen Xu and Hareton Leung and Lin Chen", title = "An in-depth study of the potentially confounding effect of class size in fault prediction", journal = j-TOSEM, volume = "23", number = "1", pages = "10:1--10:??", month = feb, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2556777", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Sat Feb 15 11:14:44 MST 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Background. The extent of the potentially confounding effect of class size in the fault prediction context is not clear, nor is the method to remove the potentially confounding effect, or the influence of this removal on the performance of fault-proneness prediction models. Objective. We aim to provide an in-depth understanding of the effect of class size on the true associations between object-oriented metrics and fault-proneness. Method. We first employ statistical methods to examine the extent of the potentially confounding effect of class size in the fault prediction context. After that, we propose a linear regression-based method to remove the potentially confounding effect. Finally, we empirically investigate whether this removal could improve the prediction performance of fault-proneness prediction models. Results. Based on open-source software systems, we found: (a) the confounding effect of class size on the associations between object-oriented metrics and fault-proneness in general exists; (b) the proposed linear regression-based method can effectively remove the confounding effect; and (c) after removing the confounding effect, the prediction performance of fault prediction models with respect to both ranking and classification can in general be significantly improved. Conclusion. We should remove the confounding effect of class size when building fault prediction models.", acknowledgement = ack-nhfb, articleno = "10", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Rosenblum:2014:Eb, author = "David S. Rosenblum", title = "Editorial", journal = j-TOSEM, volume = "23", number = "2", pages = "11:1--11:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2581373", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", acknowledgement = ack-nhfb, articleno = "11", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Pan:2014:GTG, author = "Kai Pan and Xintao Wu and Tao Xie", title = "Guided test generation for database applications via synthesized database interactions", journal = j-TOSEM, volume = "23", number = "2", pages = "12:1--12:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491529", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Testing database applications typically requires the generation of tests consisting of both program inputs and database states. Recently, a testing technique called Dynamic Symbolic Execution (DSE) has been proposed to reduce manual effort in test generation for software applications. However, applying DSE to generate tests for database applications faces various technical challenges. For example, the database application under test needs to physically connect to the associated database, which may not be available for various reasons. The program inputs whose values are used to form the executed queries are not treated symbolically, posing difficulties for generating valid database states or appropriate database states for achieving high coverage of query-result-manipulation code. To address these challenges, in this article, we propose an approach called SynDB that synthesizes new database interactions to replace the original ones from the database application under test. In this way, we bridge various constraints within a database application: query-construction constraints, query constraints, database schema constraints, and query-result-manipulation constraints. We then apply a state-of-the-art DSE engine called Pex for .NET from Microsoft Research to generate both program inputs and database states. The evaluation results show that tests generated by our approach can achieve higher code coverage than existing test generation approaches for database applications.", acknowledgement = ack-nhfb, articleno = "12", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Scanniello:2014:IUA, author = "Giuseppe Scanniello and Carmine Gravino and Marcela Genero and Jose' A. Cruz-Lemus and Genoveffa Tortora", title = "On the impact of {UML} analysis models on source-code comprehensibility and modifiability", journal = j-TOSEM, volume = "23", number = "2", pages = "13:1--13:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2491912", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "We carried out a family of experiments to investigate whether the use of UML models produced in the requirements analysis process helps in the comprehensibility and modifiability of source code. The family consists of a controlled experiment and 3 external replications carried out with students and professionals from Italy and Spain. 86 participants with different abilities and levels of experience with UML took part. The results of the experiments were integrated through the use of meta-analysis. The results of both the individual experiments and meta-analysis indicate that UML models produced in the requirements analysis process influence neither the comprehensibility of source code nor its modifiability.", acknowledgement = ack-nhfb, articleno = "13", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Fritz:2014:DKM, author = "Thomas Fritz and Gail C. Murphy and Emerson Murphy-Hill and Jingwen Ou and Emily Hill", title = "Degree-of-knowledge: Modeling a developer's knowledge of code", journal = j-TOSEM, volume = "23", number = "2", pages = "14:1--14:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2512207", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "As a software system evolves, the system's codebase constantly changes, making it difficult for developers to answer such questions as who is knowledgeable about particular parts of the code or who needs to know about changes made. In this article, we show that an externalized model of a developer's individual knowledge of code can make it easier for developers to answer such questions. We introduce a degree-of-knowledge model that computes automatically, for each source-code element in a codebase, a real value that represents a developer's knowledge of that element based on a developer's authorship and interaction data. We present evidence that shows that both authorship and interaction data of the code are important in characterizing a developer's knowledge of code. We report on the usage of our model in case studies on expert finding, knowledge transfer, and identifying changes of interest. We show that our model improves upon an existing expertise-finding approach and can accurately identify changes for which a developer should likely be aware. We discuss how our model may provide a starting point for knowledge transfer but that more refinement is needed. Finally, we discuss the robustness of the model across multiple development sites.", acknowledgement = ack-nhfb, articleno = "14", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Lu:2014:RBS, author = "Lunjin Lu and Dae-Kyoo Kim", title = "Required behavior of sequence diagrams: Semantics and conformance", journal = j-TOSEM, volume = "23", number = "2", pages = "15:1--15:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2523108", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many reusable software artifacts such as design patterns and design aspects make use of UML sequence diagrams to describe interaction behaviors. When a pattern or an aspect is reused in an application, it is important to ensure that the sequence diagrams for the application conform to the corresponding sequence diagrams for the pattern or aspect. Reasoning about conformance relationship between sequence diagrams has not been addressed adequately in literature. In this article, we focus on required behaviors specified by a UML sequence diagram and provide a semantic-based formalization of conformance relationships between sequence diagrams. A novel trace semantics is first given that captures precisely required behaviors. A refinement relation between sequence diagrams is then defined based on the semantics. The refinement relation allows a sequence diagram to be refined by changing its structure so long as its required behaviors are preserved. A conformance relation between sequence diagrams is finally given that includes the refinement relation as a special case. It allows one to introduce and rename lifelines, messages, and system variables when reusing sequence diagrams. Properties of the semantics, refinement, and conformance relations are studied. Two case studies are provided to illustrate the efficacy of semantic-based conformance reasoning.", acknowledgement = ack-nhfb, articleno = "15", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Unterkalmsteiner:2014:TRE, author = "M. Unterkalmsteiner and R. Feldt and T. Gorschek", title = "A taxonomy for requirements engineering and software test alignment", journal = j-TOSEM, volume = "23", number = "2", pages = "16:1--16:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2523088", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Requirements Engineering and Software Testing are mature areas and have seen a lot of research. Nevertheless, their interactions have been sparsely explored beyond the concept of traceability. To fill this gap, we propose a definition of requirements engineering and software test (REST) alignment, a taxonomy that characterizes the methods linking the respective areas, and a process to assess alignment. The taxonomy can support researchers to identify new opportunities for investigation, as well as practitioners to compare alignment methods and evaluate alignment, or lack thereof. We constructed the REST taxonomy by analyzing alignment methods published in literature, iteratively validating the emerging dimensions. The resulting concept of an information dyad characterizes the exchange of information required for any alignment to take place. We demonstrate use of the taxonomy by applying it on five in-depth cases and illustrate angles of analysis on a set of thirteen alignment methods. In addition, we developed an assessment framework (REST-bench), applied it in an industrial assessment, and showed that it, with a low effort, can identify opportunities to improve REST alignment. Although we expect that the taxonomy can be further refined, we believe that the information dyad is a valid and useful construct to understand alignment.", acknowledgement = ack-nhfb, articleno = "16", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Ganesan:2014:AED, author = "Dharmalingam Ganesan and Mikael Lindvall", title = "{ADAM}: External dependency-driven architecture discovery and analysis of quality attributes", journal = j-TOSEM, volume = "23", number = "2", pages = "17:1--17:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2529998", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "This article introduces the Architecture Discovery and Analysis Method (ADAM). ADAM supports the discovery of module and runtime views as well as the analysis of quality attributes, such as testability, performance, and maintainability, of software systems. The premise of ADAM is that the implementation constructs, architecture constructs, concerns, and quality attributes are all influenced by the external entities (e.g., libraries, frameworks, COTS software) used by the system under analysis. The analysis uses such external dependencies to identify, classify, and review a minimal set of key source-code files supported by a knowledge base of the external entities. Given the benefits of analyzing external dependencies as a way to discover architectures and potential risks, it is demonstrated that dependencies to external entities are useful not only for architecture discovery but also for analysis of quality attributes. ADAM is evaluated using the NASA's Space Network Access System (SNAS). The results show that this method offers systematic guidelines for discovering the architecture and locating potential risks (e.g., low testability and decreased performance) that are hidden deep inside the system implementation. Some generally applicable lessons for developers and analysts, as well as threats to validity are also discussed.", acknowledgement = ack-nhfb, articleno = "17", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Stol:2014:KFA, author = "Klaas-Jan Stol and Paris Avgeriou and Muhammad Ali Babar and Yan Lucas and Brian Fitzgerald", title = "Key factors for adopting inner source", journal = j-TOSEM, volume = "23", number = "2", pages = "18:1--18:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2533685", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "A number of organizations have adopted Open Source Software (OSS) development practices to support or augment their software development processes, a phenomenon frequently referred to as Inner Source. However the adoption of Inner Source is not a straightforward issue. Many organizations are struggling with the question of whether Inner Source is an appropriate approach to software development for them in the first place. This article presents a framework derived from the literature on Inner Source, which identifies nine important factors that need to be considered when implementing Inner Source. The framework can be used as a probing instrument to assess an organization on these nine factors so as to gain an understanding of whether or not Inner Source is suitable. We applied the framework in three case studies at Philips Healthcare, Neopost Technologies, and Rolls-Royce, which are all large organizations that have either adopted Inner Source or were planning to do so. Based on the results presented in this article, we outline directions for future research.", acknowledgement = ack-nhfb, articleno = "18", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Harman:2014:ESS, author = "Mark Harman and Jens Krinke and Inmaculada Medina-Bulo and Francisco Palomo-Lozano and Jian Ren and Shin Yoo", title = "Exact scalable sensitivity analysis for the next release problem", journal = j-TOSEM, volume = "23", number = "2", pages = "19:1--19:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2537853", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "The nature of the requirements analysis problem, based as it is on uncertain and often inaccurate estimates of costs and effort, makes sensitivity analysis important. Sensitivity analysis allows the decision maker to identify those requirements and budgets that are particularly sensitive to misestimation. However, finding scalable sensitivity analysis techniques is not easy because the underlying optimization problem is NP-hard. This article introduces an approach to sensitivity analysis based on exact optimization. We implemented this approach as a tool, O ATSAC, which allowed us to experimentally evaluate the scalability and applicability of Requirements Sensitivity Analysis (RSA). Our results show that OATSAC scales sufficiently well for practical applications in Requirements Sensitivity Analysis. We also show how the sensitivity analysis can yield insights into difficult and otherwise obscure interactions between budgets, requirements costs, and estimate inaccuracies using a real-world case study.", acknowledgement = ack-nhfb, articleno = "19", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Moscato:2014:DTV, author = "Mariano M. Moscato and Carlos G. Lopez Pombo and Marcelo F. Frias", title = "{Dynamite}: a tool for the verification of alloy models based on {PVS}", journal = j-TOSEM, volume = "23", number = "2", pages = "20:1--20:??", month = mar, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2544136", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Wed Apr 2 16:21:37 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Automatic analysis of Alloy models is supported by the Alloy Analyzer, a tool that translates an Alloy model to a propositional formula that is then analyzed using off-the-shelf SAT solvers. The translation requires user-provided bounds on the sizes of data domains. The analysis is limited by the bounds and is therefore partial. Thus, the Alloy Analyzer may not be appropriate for the analysis of critical applications where more conclusive results are necessary. Dynamite is an extension of PVS that embeds a complete calculus for Alloy. It also includes extensions to PVS that allow one to improve the proof effort by, for instance, automatically analyzing new hypotheses with the aid of the Alloy Analyzer. Since PVS sequents may get cluttered with unnecessary formulas, we use the Alloy unsat-core extraction feature in order to refine proof sequents. An internalization of Alloy's syntax as an Alloy specification allows us to use the Alloy Analyzer for producing witnesses for proving existentially quantified formulas. Dynamite complements the partial automatic analysis offered by the Alloy Analyzer with semi-automatic verification through theorem proving. It also improves the theorem proving experience by using the Alloy Analyzer for early error detection, sequent refinement, and witness generation.", acknowledgement = ack-nhfb, articleno = "20", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Islam:2014:GTC, author = "Mainul Islam and Christoph Csallner", title = "Generating Test Cases for Programs that Are Coded against Interfaces and Annotations", journal = j-TOSEM, volume = "23", number = "3", pages = "21:1--21:??", month = may, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2544135", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Oct 7 19:00:52 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Automatic test case generation for software programs is very powerful but suffers from a key limitation. That is, most current test case generation techniques fail to cover testee code when covering that code requires additional pieces of code not yet part of the program under test. To address some of these cases, the Pex state-of-the-art test case generator can generate basic mock code. However, current test case generators cannot handle cases in which the code under test uses multiple interfaces, annotations, or reflection. To cover such code in an object-oriented setting, we describe a novel technique for generating test cases and mock classes. The technique consists of collecting constraints on interfaces, annotations, and reflection, combining them with program constraints collected during dynamic symbolic execution, encoding them in a constraint system, solving them with an off-the-shelf constraint solver, and mapping constraint solutions to test cases and custom mock classes. We demonstrate the value of this technique on open-source applications. Our approach covered such third-party code with generated mock classes, while competing approaches failed to cover the code and sometimes produced unintended side-effects such as filling the screen with dialog boxes and writing into the file system.", acknowledgement = ack-nhfb, articleno = "21", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Layman:2014:MER, author = "Lucas Layman and Victor R. Basili and Marvin V. Zelkowitz", title = "A Methodology for Exposing Risk in Achieving Emergent System Properties", journal = j-TOSEM, volume = "23", number = "3", pages = "22:1--22:??", month = may, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2560048", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Oct 7 19:00:52 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Determining whether systems achieve desired emergent properties, such as safety or reliability, requires an analysis of the system as a whole, often in later development stages when changes are difficult and costly to implement. In this article we propose the Process Risk Indicator (PRI) methodology for analyzing and evaluating emergent properties early in the development cycle. A fundamental assumption of system engineering is that risk mitigation processes reduce system risks, yet these processes may also be a source of risk: (1) processes may not be appropriate for achieving the desired emergent property; or (2) processes may not be followed appropriately. PRI analyzes development process artifacts (e.g., designs pertaining to reliability or safety analysis reports) to quantify process risks that may lead to higher system risk. We applied PRI to the hazard analysis processes of a network-centric, Department of Defense system-of-systems and two NASA spaceflight projects to assess the risk of not achieving one such emergent property, software safety, during the early stages of the development lifecycle. The PRI methodology was used to create measurement baselines for process indicators of software safety risk, to identify risks in the hazard analysis process, and to provide feedback to projects for reducing these risks.", acknowledgement = ack-nhfb, articleno = "22", fjournal = "ACM Transactions on Software Engineering and Methodology", journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J790", } @Article{Xu:2014:SRB, author = "Guoqing Xu and Nick Mitchell and Matthew Arnold and Atanas Rountev and Edith Schonberg and Gary Sevitsky", title = "Scalable Runtime Bloat Detection Using Abstract Dynamic Slicing", journal = j-TOSEM, volume = "23", number = "3", pages = "23:1--23:??", month = may, year = "2014", CODEN = "ATSMER", DOI = "https://doi.org/10.1145/2560047", ISSN = "1049-331X (print), 1557-7392 (electronic)", ISSN-L = "1049-331X", bibdate = "Tue Oct 7 19:00:52 MDT 2014", bibsource = "http://www.acm.org/pubs/contents/journals/tosem/; http://www.math.utah.edu/pub/tex/bib/tosem.bib", abstract = "Many large-scale Java applications suffer from runtime bloat. They execute large volumes of methods and create many temporary objects, all to execute relatively simple operations. There are large opportunities for performance optimizations in these applications, but most are being missed by existing optimization and tooling technology. While JIT optimizations struggle for a few percent improvement, performance experts analyze deployed applications and regularly find gains of 2 \times \$ or more. Finding such big gains is
difficult, for both humans and compilers, because of
the diffuse nature of runtime bloat. Time is spread
thinly across calling contexts, making it difficult to
judge how to improve performance. Our experience shows
that, in order to identify large performance
bottlenecks in a program, it is more important to
understand its dynamic dataflow than traditional
presents a general framework for designing and
implementing scalable analysis algorithms to find
causes of bloat in Java programs. At the heart of this
framework is a generalized form of runtime dependence
graph computed by abstract dynamic slicing, a
semantics-aware technique that achieves high
scalability by performing dynamic slicing over bounded
abstract domains. The framework is instantiated to
create two independent dynamic analyses, copy profiling
and cost-benefit analysis, that help programmers
identify performance bottlenecks by identifying,
respectively, high-volume copy activities and data
structures that have high construction cost but low
benefit for the forward execution. We have successfully
applied these analyses to large-scale and long-running
Java applications. We show that both analyses are
effective at detecting inefficient operations that can
be optimized for better performance. We also
demonstrate that the general framework is flexible
enough to be instantiated for dynamic analyses in a
variety of application domains.",
acknowledgement = ack-nhfb,
articleno =    "23",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{deFrancesco:2014:GTE,
author =       "Nicoletta de Francesco and Giuseppe Lettieri and
Antonella Santone and Gigliola Vaglini",
title =        "{GreASE}: a Tool for Efficient {`Nonequivalence''}
Checking",
journal =      j-TOSEM,
volume =       "23",
number =       "3",
pages =        "24:1--24:??",
month =        may,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2560563",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:52 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Equivalence checking plays a crucial role in formal
verification to ensure the correctness of concurrent
systems. However, this method cannot be scaled as
easily with the increasing complexity of systems due to
efficient procedure, based on heuristic search, for
checking Milner's strong and weak equivalence; to
achieve higher efficiency, we actually search for a
difference between two processes to be discovered as
soon as possible, thus the heuristics aims to find a
counterexample, even if not the minimum one, to prove
nonequivalence. The presented algorithm builds the
system state graph on-the-fly, during the checking, and
the heuristics promotes the construction of the more
promising subgraph. The heuristic function is syntax
based, but the approach can be applied to different
specification languages such as CCS, LOTOS, and CSP,
provided that the language semantics is based on the
concept of transition. The algorithm to explore the
search space of the problem is based on a greedy
technique; GreASE (Greedy Algorithm for System
Equivalence), the tool supporting the approach, is used
to evaluate the achieved reduction of both state-space
size and time with respect to other verification
environments.",
acknowledgement = ack-nhfb,
articleno =    "24",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Behjati:2014:ALC,
author =       "Razieh Behjati and Shiva Nejati and Lionel C. Briand",
title =        "Architecture-Level Configuration of Large-Scale
Embedded Software Systems",
journal =      j-TOSEM,
volume =       "23",
number =       "3",
pages =        "25:1--25:??",
month =        may,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2581376",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:52 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Configuration in the domain of Integrated Control
Systems (ICS) is largely manual, laborious, and error
configuration approach that provides automation support
for reducing configuration effort and the likelihood of
configuration errors in the ICS domain. We ground our
approach on component-based specifications of ICS
families. We then develop a configuration algorithm
using constraint satisfaction techniques over finite
domains to generate products that are consistent with
respect to their ICS family specifications. We reason
about the termination and consistency of our
configuration algorithm analytically. We evaluate the
effectiveness of our configuration approach by applying
it to a real subsea oil production system.
Specifically, we have rebuilt a number of existing
verified product configurations of our industry
partner. Our experience shows that our approach can
automatically infer up to 50\% of the configuration
decisions, and reduces the complexity of making
configuration decisions.",
acknowledgement = ack-nhfb,
articleno =    "25",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Stolee:2014:SSS,
author =       "Kathryn T. Stolee and Sebastian Elbaum and Daniel
Dobos",
title =        "Solving the Search for Source Code",
journal =      j-TOSEM,
volume =       "23",
number =       "3",
pages =        "26:1--26:??",
month =        may,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2581377",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:52 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Programmers frequently search for source code to reuse
using keyword searches. The search effectiveness in
facilitating reuse, however, depends on the
programmer's ability to specify a query that captures
how the desired code may have been implemented.
Further, the results often include many irrelevant
matches that must be filtered manually. More semantic
search approaches could address these limitations, yet
existing approaches are either not flexible enough to
find approximate matches or require the programmer to
define complex specifications as queries. We propose a
novel approach to semantic code search that addresses
several of these limitations and is designed for
queries that can be described using a concrete
input/output example. In this approach, programmers
write lightweight specifications as inputs and expected
output examples. Unlike existing approaches to semantic
search, we use an SMT solver to identify programs or
program fragments in a repository, which have been
automatically transformed into constraints using
symbolic analysis, that match the programmer-provided
specification. We instantiated and evaluated this
approach in subsets of three languages, the Java String
library, Yahoo! Pipes mashup language, and SQL select
statements, exploring its generality, utility, and
trade-offs. The results indicate that this approach is
effective at finding relevant code, can be used on its
own or to filter results from keyword searches to
increase search precision, and is adaptable to find
approximate matches and then guide modifications to
match the user specifications when exact matches do not
already exist. These gains in precision and flexibility
come at the cost of performance, for which underlying
factors and mitigation strategies are identified.",
acknowledgement = ack-nhfb,
articleno =    "26",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Rosenblum:2014:E,
author =       "David S. Rosenblum",
title =        "Editorial",
journal =      j-TOSEM,
volume =       "23",
number =       "4",
pages =        "27:1--27:??",
month =        aug,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2656368",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:54 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "27",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

@Article{Murphy:2014:ISI,
author =       "Gail C. Murphy and Mauro Pezz{\'e}",
title =        "Introduction to the Special Issue {International
Conference on Software Engineering (ICSE 2012)}",
journal =      j-TOSEM,
volume =       "23",
number =       "4",
pages =        "28:1--28:??",
month =        aug,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2658849",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:54 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
acknowledgement = ack-nhfb,
articleno =    "28",
fjournal =     "ACM Transactions on Software Engineering and
Methodology",
journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J790",
}

author =       "Anders M{\o}ller and Mathias Schwarz",
title =        "Automated Detection of Client-State Manipulation
Vulnerabilities",
journal =      j-TOSEM,
volume =       "23",
number =       "4",
pages =        "29:1--29:??",
month =        aug,
year =         "2014",
CODEN =        "ATSMER",
DOI =          "https://doi.org/10.1145/2531921",
ISSN =         "1049-331X (print), 1557-7392 (electronic)",
ISSN-L =       "1049-331X",
bibdate =      "Tue Oct 7 19:00:54 MDT 2014",
bibsource =    "http://www.acm.org/pubs/contents/journals/tosem/;
http://www.math.utah.edu/pub/tex/bib/tosem.bib",
abstract =     "Web application programmers must be aware of a wide
range of potential security risks. Although the most
common pitfalls are well described and categorized in
the literature, it remains a challenging task to ensure
that all guidelines are followed. For this reason, it
is desirable to construct automated tools that can
assist the programmers in the application development
process by detecting weaknesses. Many vulnerabilities
are related to Web application code that stores
references to application state in the generated HTML
documents to work around the statelessness of the HTTP