Project

Back to overview

Agile Software Assistance

Applicant Nierstrasz Oscar
Number 181973
Funding scheme Project funding
Research institution Institut für Informatik Universität Bern
Institution of higher education University of Berne - BE
Main discipline Information Technology
Start/End 01.02.2019 - 31.03.2022
Approved amount 368'517.00
Show all

Keywords (4)

Software analysis; Domain models; Software evolution; Recommender systems

Lay Summary (German)

Lead
Softwareentwickler verbringen typischerweise mehr Zeit damit, Code zu analysieren, als neuen Code zu schreiben. In diesem Projekt untersuchen wir verschiedene Ansätze, um Entwickler bei alltäglichen Entwicklungsaufgaben zu unterstützen.
Lay summary
Entwickler investieren normalerweise viel Zeit in die Suche nach projektspezifischen Informationen, hauptsächlich weil existierende Entwicklungswerkzeuge sich auf das Schreiben von Code konzentrieren, anstatt existierend Software zu analysieren. Anstatt Entwickler auf Emailverteiler und Internetsuchen zu verweisen, wollen wir Entwicklertools soweit erweitern, dass sie die richtigen Informationen zur richtigen Zeit zur Verfügung stellen.

Ein anderes Problem ist die Schwierigkeit, eine momentan entwickelte Applikation mit den eigentlichen Anforderungen in Beziehung zu bringen. Wir plannen, Wege zu untersuchen, wie man Softwaresysteme mit “Ausführbare Domänenmodelle” (“Executable Domain Models”) verbinden kann, d.h. eine Simulation basierend auf den abgebildeten Entitäten der realen Welt. Wir glauben, dieser Ansatz vereinfacht es, Softwaresysteme auf einem aktuellen Stand zu halten, und die Verbindung zwischen Software und deren Anforderungen aufrecht zu erhalten.

Softwarequalität kann für unterschiedliche Arten von Software auf verschiedene Weise definiert werden. Entwickler sind oft überfordert mit den mannigfaltigen Qualitätsanforderungen an moderene Softwaresysteme, wie zum Beispiel die Sicherheit von mobilen Applikationen, oder die gebräuchlichen Konventionen von Softwarebibliotheken aus externen Quellen. Ein pragmatischer Ansatz ist zum Beispiel sogenannte “Code Smells” (Software Gerüche) in Software zu entdecken, und Entwickler auf etwaige Verstösse 
aufmerksam zu machen. Damit dies gut funktioniert, muss es i) einfach sein, “Code Smells” zu entdecken, und ii) Warnungen zu Verstössen müssen klar aufzeigen, wie diese zu beheben sind.

Ausserdem wollen wir Entwickler dabei unterstützen, Code auf neue Platformen zu migrieren. Ein grosser Teil der Zeit, in der Software entwickelt wird, wird nicht für die Implementierung neuer Funktionen aufgewendet, sondern damit, existierenden Code mit neuen Softwarebibliotheken und -platformen kompatibel zu machen. Wir stellen uns einen Ansatz vor, bei dem Platformen die Werkzeuge gleich mitliefern, welche benötigt werden, um alten Code voll- oder teilautomatisiert auf die neue Platform zu migrieren.
Direct link to Lay Summary Last update: 21.11.2018

Responsible applicant and co-applicants

Employees

Project partner

Publications

Publication
An Exploratory Study on the Usage of Gherkin Features in Open-Source Projects
Chandorkar Adwait, Patkar Nitish, Sorbo Andrea Di, Nierstrasz Oscar (2022), An Exploratory Study on the Usage of Gherkin Features in Open-Source Projects, in 5th Workshop on Validation, Analysis and Evolution of Software Tests (VST 2022, co-located with SANE, IEEE, NA.
First-class artifacts as building blocks for live in-IDE documentation
Patkar Nitish, Chis Andrei, Stulova Nataliia, Nierstrasz Oscar (2022), First-class artifacts as building blocks for live in-IDE documentation, in 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), IEEE, NA.
FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers
Ebrahim Arash Ale, Hazhirpasand Mohammadreza, Nierstrasz Oscar, Ghafari Mohammad (2022), FuzzingDriver: the Missing Dictionary to Increase Code Coverage in Fuzzers, in 29th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering , IEEE, NA.
Cryptography Vulnerabilities on HackerOne
Hazhirpasand Mohammadreza, Ghafari Mohammad (2021), Cryptography Vulnerabilities on HackerOne, in 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS), Hainan, ChinaIEEE, NA.
Crypto Experts Advise What They Adopt
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar (2021), Crypto Experts Advise What They Adopt, in 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW), 179-184, IEEE, NA179-184.
Dazed and Confused: What's Wrong with Crypto Libraries?
Hazhirpasand Mohammadreza, Nierstrasz Oscar, Ghafari Mohammad (2021), Dazed and Confused: What's Wrong with Crypto Libraries?, in 2021 18th International Conference on Privacy, Security and Trust (PST), 1-6, IEEE, NA1-6.
Do Comments follow Commenting Conventions? A Case Study in Java and Python
Rani Pooja, Abukar Suada, Stulova Nataliia, Bergel Alexander, Nierstrasz Oscar (2021), Do Comments follow Commenting Conventions? A Case Study in Java and Python, in 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE, NA.
How to Identify Class Comment Types? A Multi-language Approach for Class Comment Classification
Rani Pooja, Panichella Sebastiano, Leuenberger Manuel, Di Sorbo Andrea, Nierstrasz Oscar (2021), How to Identify Class Comment Types? A Multi-language Approach for Class Comment Classification, in Journal of Systems and Software, 181, 111047-111047.
Hurdles for Developers in Cryptography
Hazhirpasand Mohammadreza, Nierstrasz Oscar, Shabani Mohammadhossein, Ghafari Mohammad (2021), Hurdles for Developers in Cryptography, in 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME), 659-663, IEEE, NA659-663.
Interactive Behavior-driven Development: a Low-code Perspective
Patkar Nitish, Chis Andrei, Stulova Nataliia, Nierstrasz Oscar (2021), Interactive Behavior-driven Development: a Low-code Perspective, in Proceedings of the 24rd ACM/IEEE International Conference on Model Driven Engineering Languages and , ACM, NA.
Makar: A Framework for Multi-source Studies based on Unstructured Data
Birrer Mathias, Rani Pooja, Panichella Sebastiano, Nierstrasz Oscar (2021), Makar: A Framework for Multi-source Studies based on Unstructured Data, in 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), 577-581, IEEE, NA577-581.
Phish What You Wish
Gadient Pascal, Gerig Pascal, Nierstrasz Oscar, Ghafari Mohammad (2021), Phish What You Wish, in 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS), IEEE, NA.
RepliComment: Identifying Clones in Code Comments
Blasi Arianna, Stulova Nataliia, Gorla Alessandra, Nierstrasz Oscar (2021), RepliComment: Identifying Clones in Code Comments, in Journal of Systems & Software, 111069-111069.
Security Header Fields in HTTP Clients
Gadient Pascal, Nierstrasz Oscar, Ghafari Mohammad (2021), Security Header Fields in HTTP Clients, in 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS), IEEE, NA.
Security Smells Pervade Mobile App Servers
Gadient Pascal, Tarnutzer Marc-Andrea, Nierstrasz Oscar, Ghafari Mohammad (2021), Security Smells Pervade Mobile App Servers, in ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), ACM/IEEE, NA.
Speculative Analysis for Quality Assessment of Code Comments
Rani Pooja (2021), Speculative Analysis for Quality Assessment of Code Comments, in 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Com, 299-303, IEEE/ACM, NA299-303.
Stopping DNS Rebinding Attacks in the Browser
Hazhirpasand Mohammadreza, Ale Ebrahim Arash, Nierstrasz Oscar (2021), Stopping DNS Rebinding Attacks in the Browser, in Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP, ScitePress, NA.
What do class comments tell us? An investigation of comment evolution and practices in Pharo Smalltalk
Rani Pooja, Panichella Sebastiano, Leuenberger Manuel, Ghafari Mohammad, Nierstrasz Oscar (2021), What do class comments tell us? An investigation of comment evolution and practices in Pharo Smalltalk, in Empirical Software Engineering, 26(6), 1-49.
What Do Developers Discuss about Code Comments?
Rani Pooja, Birrer Mathias, Panichella Sebastiano, Ghafari Mohammad, Nierstrasz Oscar (2021), What Do Developers Discuss about Code Comments?, in 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM), IEEE, NA.
Worrisome Patterns in Developers: A Survey in Cryptography
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar (2021), Worrisome Patterns in Developers: A Survey in Cryptography, in 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW), 185-190, IEEE/ACM, NA185-190.
Caveats in Eliciting Mobile App Requirements
Patkar Nitish, Ghafari Mohammad, Nierstrasz Oscar, Hotomski Sofija (2020), Caveats in Eliciting Mobile App Requirements, in Proceedings of the Evaluation and Assessment in Software Engineering, 180-189, Association for Computing Machinery, NA180-189.
CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar (2020), CryptoExplorer: An Interactive Web Platform Supporting Secure Use of Cryptography APIs, in 27th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering , 632-636, IEEE, NA632-636.
Java Cryptography Uses in the Wild
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar (2020), Java Cryptography Uses in the Wild, in Proceedings of the 14th ACM / IEEE International Symposium on Empirical Software Engineering and Mea, ACM/IEEE, NA.
Moldable requirements
Patkar Nitish (2020), Moldable requirements, in Benevol'20, Benevol, NA.
Towards Detecting Inconsistent Comments in Java Source Code Automatically
Stulova Nataliia, Blasi Arianna, Gorla Alessandra, Nierstrasz Oscar (2020), Towards Detecting Inconsistent Comments in Java Source Code Automatically, in 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM), 65-69, IEEE, NA65-69.
Towards requirements engineering with immersive augmented reality
Patkar Nitish, Merino Leonel, Nierstrasz Oscar (2020), Towards requirements engineering with immersive augmented reality, in Proc. Programming'20 Companion, 55-60, ACM, NA55-60.
Tricking Johnny into Granting Web Permissions
Hazhirpasand Mohammadreza, Ghafari Mohammad, Nierstrasz Oscar (2020), Tricking Johnny into Granting Web Permissions, in Proceedings of the Evaluation and Assessment in Software Engineering, 276-281, ACM, NA276-281.
Web APIs in Android through the Lens of Security
Gadient Pascal, Ghafari Mohammad, Tarnutzer Marc-Andrea, Nierstrasz Oscar (2020), Web APIs in Android through the Lens of Security, in 27th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering , IEEE, NA.
Exploring Example-driven Migration
Leuenberger Manuel (2019), Exploring Example-driven Migration, in Proceedings of the Conference Companion of the 3rd International Conference on Art, Science, and Eng, ACM, NA.
PerfVis: Pervasive Visualization in Immersive Augmented Reality for Performance Awareness
Merino Leonel, Hess Mario, Bergel Alexandre, Nierstrasz Oscar, Weiskopf Daniel (2019), PerfVis: Pervasive Visualization in Immersive Augmented Reality for Performance Awareness, in Companion of the 2019 ACM/SPEC International Conference on Performance Engineering, 13-16, ACM, NA13-16.
Security Code Smells in Android ICC
Gadient Pascal, Ghafari Mohammad, Frischknecht Patrick, Nierstrasz Oscar (2019), Security Code Smells in Android ICC, in Empirical Software Engineering, 24, 3046-3076.
Testability First!
Ghafari M., Eggiman M., Nierstrasz O. (2019), Testability First!, in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 1-6, ACM/IEEE, NA1-6.
The Impact of Developer Experience in Using Java Cryptography
Hazhirpasand M., Ghafari M., Krüger S., Bodden E., Nierstrasz O. (2019), The Impact of Developer Experience in Using Java Cryptography, in 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 1-6, ACM/IEEE, NA1-6.
Towards a Catalogue of Mobile Elicitation Techniques
Patkar Nitish, Gadient Pascal, Ghafari Mohammad, Nierstrasz Oscar (2019), Towards a Catalogue of Mobile Elicitation Techniques, in 25th International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ), Springer, NA.
VISON: An Ontology-Based Approach for Software Visualization Tool Discoverability
Merino Leonel, Kozlova Ekaterina, Nierstrasz Oscar, Weiskopf Daniel (2019), VISON: An Ontology-Based Approach for Software Visualization Tool Discoverability, in {VISSOFT}'19: Proceedings of the 7th IEEE Working Conference on Software Visualization, IEEE, NA.

Datasets

Moldable Requirements prototype implementation

Author Patkar, Nitish
Publication date 20.12.2021
Persistent Identifier (PID) https://github.com/nitishspatkar/moldable-requirements
Repository Github
Abstract
Source code of the entire implementation of the citizen requirements approach.

BDD specification files: survey scripts and dataset

Author Patkar, Nitish
Publication date 02.01.2022
Persistent Identifier (PID) https://figshare.com/s/bc390cdcb12c11ce14b4
Repository Figshare
Abstract
Scripts and raw data for analysis of open-source BDD projects.

AndroidLintSecurityChecks

Author Gadient, Pascal
Publication date 26.07.2021
Persistent Identifier (PID) https://github.com/pgadient/AndroidLintSecurityChecks
Repository Github
Abstract
A lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the latest Android Studio IDE about the presence of security smells in the code. Moreover, this tool supports batch processing for large scale app analysis.

Jandrolyzer

Author Gadient, Pascal
Publication date 07.12.2021
Persistent Identifier (PID) https://github.com/pgadient/jandrolyzer
Repository Github
Abstract
A scriptable lightweight tool for reconstructing web API URLs and JSON data structures from Android closed and open-source apps. It supports the validation of found data. Use that feature with care as it could cause issues on API servers.

List of analyzed Mobile App Servers

Author Gadient, Pascal
Publication date 14.07.2021
Persistent Identifier (PID) https://doi.org/10.6084/m9.figshare.14981061
Repository Figshare
Abstract
The list of apps that we analyzed for the paper titled "Security Smells Pervade Mobile App Servers," ESEM, 2021.The closed-source apps have been downloaded from the AndroZoo repository hosted at the University of Luxembourg (https://androzoo.uni.lu/), and the open-source apps have been downloaded from the F-Droid repository (https://f-droid.org/).

Security Header Fields in HTTP Clients: Replication Package

Author Gadient, Pascal
Publication date 30.11.2019
Persistent Identifier (PID) https://figshare.com/s/c57bb34cadcac225cadc
Repository Figshare
Abstract
This is the replication package that contains the collected HTTP header data from the app servers.

Phish What You Wish

Author Gadient, Pascal; Gerig, Pascal
Publication date 19.04.2022
Persistent Identifier (PID) https://github.com/pgadient/PhishWhatYouWish
Repository Github
Abstract
Browser isolation implemented as an image-based HTTP proxy server. Full support is available for all major web browsers and partial support for most mobile web browsers.

What do class comments tell us? An investigation of comment evolution and practices in Pharo Smalltalk

Author Rani, Pooja
Publication date 13.05.2021
Persistent Identifier (PID) https://github.com/poojaruhal/CommentAnalysisInPharo
Repository Github
Abstract
Previous studies have characterized code comments in various programming languages, showing how high quality of code comments is crucial to support program comprehension activities, and to improve the effectiveness of maintenance tasks. However, very few studies have focused on understanding developer practices to write comments. None of them has compared such developer practices to the standard comment guidelines to study the extent to which developers follow the guidelines. This paper reports the first empirical study investigating commenting practices in Pharo Smalltalk. First, we analyze class comment evolution over seven Pharo versions. Then, we quantitatively and qualitatively investigate the information types embedded in class comments. Finally, we study the adherence of developer commenting practices to the official class comment template over Pharo versions.The results of this study show that there is a rapid increase in class comments in the initial three Pharo versions, while in subsequent versions developers added comments to both new and old classes, thus maintaining a similar code to comment ratio. We furthermore found three times as many information types in class comments as those suggested by the template. However, the information types suggested by the template tend to be present more often than other types of information. Additionally, we find that a substantial proportion of comments follow the writing style of the template in writing these information types, but they are written and formatted in a non-uniform way. This suggests the need to standardize the commenting guidelines for formatting the text, and to provide headers for the different information types to ensure a consistent style and to identify the information easily. Given the importance of high-quality code comments, we draw numerous implications for developers and researchers to improve the support for comment quality assessment tools.

Pharo comment analysis using Moose

Author Rani, Pooja
Publication date 30.01.2021
Persistent Identifier (PID) https://doi.org/10.5281/zenodo.3374819
Repository Zenodo
Abstract
This project contains the necessary material to replicate the project. It also contains supplementary data to give better insights into the results.

Replication package for the paper "What do Developers Discuss about Code Comments"

Author Rani, Pooja
Publication date 30.06.2021
Persistent Identifier (PID) https://doi.org/10.5281/zenodo.5044270
Repository Zenodo
Abstract
Replication package for the paper "What do Developers Discuss about Code Comments".

Replication package for the paper "Do Comments follow Commenting Conventions? A case study in Java and Python"

Author Rani, Pooja
Publication date 02.08.2021
Persistent Identifier (PID) https://doi.org/10.5281/zenodo.5153663
Repository Zenodo
Abstract
Replication package for the paper "Do Comments follow Commenting Conventions? A case study in Java and Python"

RP class comment classification

Author Rani, Pooja
Publication date 05.10.2021
Persistent Identifier (PID) https://github.com/poojaruhal/RP-class-comment-classification
Repository Github
Abstract
This project contains all the necessary material to replicate the experiments. It also contains supplementary data to give better insights into the results.

Dataset for class comment analysis

Author Rani, Pooja
Publication date 08.12.2020
Persistent Identifier (PID) https://doi.org/10.5281/zenodo.4311839
Repository Zenodo
Abstract
A list of different projects selected to analyze class comments (available in the source code) of various languages such as Java, Python, and Pharo. The projects vary in terms of size, contributors, and domain.

Replication package for Makar

Author Rani, Pooja
Publication date 18.11.2020
Persistent Identifier (PID) https://doi.org/10.5281/zenodo.4434822
Repository Zenodo
Abstract
Replication Package for the tool "Makar: A Framework for Multi-source Studies based on Unstructured Data"

Makar Data Manager - source code

Author Rani, Pooja; Birrer, Mathias
Publication date 12.01.2021
Persistent Identifier (PID) https://github.com/maethub/makar
Repository Github
Abstract
Makar Data Manager allows to easily import data from different sources (e.g Stack Overflow, Github, Mailinglists). User-Defined data models guarantee great flexibility, and with extendable Transformations the data can be preprocessed as needed for further analysis.

CryptoMine dataset - Java Cryptography Uses in the Wild

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets/tree/main/cryptomine
Repository GitHub
Abstract
CryptoMine (https://dl.acm.org/doi/abs/10.1145/3382494.3422166) In this dataset, we analyzed hundreds of open-source Java applications in which JCA APIs were used. We also manually assessed nearly half of the dataset.

HackerOne dataset - Cryptography Vulnerabilities on HackerOne

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
HackerOne (https://arxiv.org/abs/2111.03859) We analyzed crypto-related vulnerabilities found and reported by security experts to HackerOne. The dataset contains vulnerabilities of all kinds and it is not restricted to only crypto-related reports.

JCA_survey dataset - Worrisome Patterns in Developers: A Survey in Cryptography

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
JCA_survey (https://ieeexplore.ieee.org/abstract/document/9680282) The folder contains the responses of 97 developers who had used JCA APIs in their projects.

Large Scale Analysis dataset - Hurdles for Developers in Cryptography

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
Large Scale Analysis(https://arxiv.org/abs/2108.07141) We analysed nearly all of the crypto-related questions on Stack Overflow. The folder includes the posts, pyLDA chart, tags per topic, and initial tags.

Mapping Data dataset - Crypto Experts Advise What They Adopt

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
Mapping Data (https://ieeexplore.ieee.org/abstract/document/9680277) The folder includes top-rated users in cryptography and the initial tags for finding crypto-related topics

Crypto Libs dataset - Dazed and Confused: What’s Wrong with Crypto Libraries?

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
Crypto Libs (https://arxiv.org/pdf/2111.01406.pdf) This folder includes 500 Stack Overflow questions from 20 crypto libraries that were analyzed to find common issues in crypto libraries.

CryptoExplorer source code

Author Hazhirpasand, Reza
Publication date 24.04.2022
Persistent Identifier (PID) https://github.com/arti-all/datasets
Repository GitHub
Abstract
crypto_explorer (the source code of the platform + JCA files)

Associated projects

Number Title Start Funding scheme
162352 Agile Software Analysis 01.01.2016 Project funding

Abstract

As software systems evolve, developers struggle to track and understand the vast amount of software information related to the software source code itself, the application domain, its quality concerns, changes to the underlying infrastructure, and the software ecosystem at large. Mainstream integrated development environments (IDEs) offer only limited support to advise the developer during common development tasks, mainly in the form of so-called “quick fixes” related to purely technical aspects of the programming language. This continuation of our ongoing SNSF project1 will explore these issues in the following four thematically related PhD tracks:Speculative software analysis. In this track we tackle the research question: “How can software information be speculatively analysed, and results be automatically presented that are relevant to the developer’s task at hand?” Developers are confronted with large amounts of software data: versions of the software itself, documentation, used libraries and frameworks, contents of the issue tracker, and all related information about the software ecosystem. Although some analysis tools exist, developers are often not aware of what tools or data might be useful to support which tasks, and relevant tools are typically not part of the standard IDE. We envision an automated developer support that proactively offers analysis results tailored to the current development context.Executable domain models. Here we explore the question: “How can domain models be specified and deployed as executable software artifacts suitable for testing, expressing requirements, and driving design and implementation?” Domain knowledge is at the core of any software development process, and is essential for requirements analysis, object-oriented design, and management of software evolution. However domain models are often manifested only as static documentation that rapidly diverges from reality as the software system evolves. Although model-driven approaches have had some success, their application is largely limited to domains where changes are well-understood so models can be automatically transformed to code. Instead of transforming models to code, we imagine an approach in which executable domain models are developed throughout the software life cycle, and form an integral part of the system under development.Domain-specific software quality. In this track we address the question: “How can domainspecific quality concerns and their corresponding corrective actions be effectively specified and monitored?” As a software system evolves, there may be important quality aspects of which the developer may only have passing knowledge, such as the security impact of certain implementation choices. We envision a system that actively monitors such domain-specific quality concerns and advises the developer of possible corrective actions. We plan to focus mainly on security issues in Android software, an area where we have achieved some very promising initial results.API client migration. As software systems evolve, client software that depends on them must be adapted to the evolving Application Programming Interfaces (APIs). Here we plan to study the question: “What is a suitable model for specifying, reasoning about, and automating API client migration?” Although strides have been made in automating certain kinds of adaptations, generally API migration is poorly supported in practice. We imagine a system in which migrations can either be automated, or supported by tools that systematically guide developers in the migration. We will analyze various case studies of past API migrations to better understand the potential for automated migration, and carry out experiments to assess such migration schemes.
-