ABSTRACT Trusted execution environments (TEEs) are widely used, and their kernel security has become a significant area of focus. Fuzzing, a powerful technique for detecting vulnerabilities in operating systems, has increasingly been applied to the security analysis of TEEs. However, conventional fuzzing tools cannot be directly used for TEE kernels due to their isolation. Coverage‐guided fuzzers often discard test cases that trigger new states but cover the same code, which limits their effectiveness in discovering vulnerabilities. To address these challenges, we propose a state‐aware fuzzing method specifically designed for TEE kernels. Initially, we develop a modeling and tracing approach to represent the program state through state‐variable values, overcoming the limitations of coverage‐guided fuzzers. Subsequently, we propose a new communication scheme to address the issues resulting from the isolation of TEEs. Additionally, new seed preservation and selection algorithms are put forward to better guide the fuzzer in exploring vulnerabilities. Finally, we employ the N‐gram model to enhance the test case generation process and optimize the framework's performance. We have implemented a prototype called Trusty‐Statefuzz and evaluated it on Fuchsia, our self‐developed microkernel operating system Nebula, and the OP‐TEE. The evaluation results show that Trusty‐Statefuzz is effective at detecting both new code and vulnerabilities. Trusty‐Statefuzz discovers nine unknown vulnerabilities and 23 known vulnerabilities. Additionally, it achieves 13% higher code coverage and 27% higher state coverage than the state‐of‐the‐art fuzzer Syzkaller.

ABSTRACT This study presents a comprehensive comparative analysis of the performance of different JavaScript engines in the context of React Native hybrid applications, with a particular focus on the differences between JavaScript Interface (JSI) and bridge architectures. The study conducted a series of performance tests on the most popular JavaScript engines, including Hermes, JavaScriptCore (JSC), and V8, using a set of standard benchmarks and use cases. As part of the research, a QuickJS engine communication layer was created, and necessary changes were proposed to the React Native framework and engine code. The testing methodology included measurements of application package size, interaction time, memory usage, UI rendering performance, and operation execution speed. Tests were conducted on identical components implemented in both React Native architectures, allowing a direct comparison of the impact of architecture on JavaScript engine performance. The results of the experiment indicate differences in engine performance depending on the scenario and describe the differences between their use in bridge and JSI architectures.

ABSTRACT In the postpandemic era, attitudes toward remote work appeared to undergo a lasting transformation, with a high degree of location flexibility becoming increasingly common. Yet, in recent years, many organizations have introduced return‐to‐office (RTO) initiatives aimed at re‐establishing traditional workplace dynamics and prioritizing in‐person collaboration. These mandates have drawn significant attention and criticism for limiting software developers flexibility, diminishing well‐being, and potentially impacting women disproportionally. This study seeks to understand software developers preferences and actual work behaviors in companies that promote in‐office presence. Specifically, we investigate whether certain demographic groups, including women, are differentially affected by RTO initiatives. We also explore a range of factors that may influence individual preferences for remote or on‐site work, beyond gender‐based assumptions. We report findings from a survey conducted in two large Scandinavian companies engaged in the development of software‐intensive systems and services. Data analysis includes descriptive statistics, contingency tables along with post hoc tests, chi‐square test of association, and Cramér's for effect sizes. Our findings reveal that gender differences among software developers in both industrial cases are minimal and statistically insignificant. Instead, other variables—such as the degree of collaborative work, commute time, and responsibility to support teammates—demonstrate a stronger association with both actual and preferred office attendance. Our results challenge common narratives around gendered responses to RTO mandates, suggesting that other contextual and task‐related factors may play a more decisive role. While the impact of RTO initiatives should not be dismissed, our findings indicate that a deeper understanding of work dynamics—particularly around collaboration intensity and commuting burden—is essential to designing equitable and effective work policies. Finally, our findings imply that organizational recommendations for work location must go hand in hand with task design.

ABSTRACT The social isolation measures resulting from the COVID‐19 outbreak changed work practices in various sectors, especially with the shift to working from home. However, the implications of the pandemic on the maintenance and evolution of open‐source software (OSS) still deserve further studies. In this paper, we analyze the effects of COVID‐19 on the development activity of OSS and how social isolation changed the productivity of OSS contributors. We conducted a mixed‐method study composed of (i) a mining software repositories analysis of 155 popular and active OSS projects on GitHub, selected from an initial dataset of 1500 repositories based on activity thresholds (commits, pull requests, and size), and (ii) a survey with 57 core developers identified using an established literature‐based heuristic. The mining study analyzed commits, code churn, pull requests, and pull request latency to assess changes before and after the pandemic, applying statistical tests and a mixed‐effects Regression Discontinuity Design. The survey collected self‐reported perceptions of productivity and engagement during the pandemic, enabling triangulation with repository activity trends. Our results show that while core developers' productivity remained stable, there was a sustained decline in newcomer participation and a temporary increase in core developer turnover. In the early days of the outbreak, we observed an increase in accepted pull requests, followed by a stabilization of most activity metrics. Some findings are supported by our survey study, whose results indicate that most of our survey respondents consider that COVID‐19 did not change their productivity substantially. These findings offer insights into OSS resilience and sustainability in the face of large‐scale disruptions, contributing to a broader understanding of the outbreak's impact and providing actionable lessons for managing distributed development in crisis scenarios.

ABSTRACT Partition scheduling plays a crucial role in ensuring temporal determinism and fault isolation in real‐time operating systems. However, its correctness is difficult to guarantee through traditional testing due to the complexity of timing interactions and the need for exhaustive state exploration. Therefore, a rigorous and systematic verification approach is essential to ensure system design correctness under all execution scenarios.This paper presents a formal modeling and verification methodology for partition scheduling in operating systems, based on timed automata. The proposed model is developed and systematically verified using UPPAAL. It comprises four key components–Partition, Scheduler, TimeSynchronizer, and ErrorHandler–which collectively capture task execution flows, scheduling policies, clock synchronization, and fault‐handling mechanisms. A comprehensive set of verification properties is defined using Linear Temporal Logic (LTL) to formally specify the system's temporal behaviors and safety requirements. The verification results confirm that the proposed approach effectively verifies partition switching correctness, time consistency enforcement, and exception recovery. This method provides a rigorous and practical formal foundation for modeling and analyzing real‐time scheduling systems.

ABSTRACT In the cloud era, cloud application programming interface (API), as the best carrier for service delivery, capability replication, and data output, has become the core element of service‐oriented software development. The existing cloud API recommendation methods adhere to a common paradigm: leveraging perceived quality of service and keyword matching to generate high‐quality, single‐function results, while overlooking the objective needs for function‐guided complementary cloud APIs in service‐oriented software development. Function‐guided complementary cloud API recommendation aims to generate cloud APIs that are frequently co‐invoked in conjunction with those API having given function, thereby satisfying the joint interests of developers. To this end, we proposed a function‐guided extended latent Dirichlet allocation (ELDA) model for complementary cloud API recommendation. Specifically, we first conduct an analysis of real‐world data from the cloud API ecosystems to illustrate both the necessity for complementary cloud API recommendations and the objective existence of a head effect within these APIs. Then we conceptualize the complementary relationship between a function and cloud APIs by treating the function as a document, with the corresponding cloud APIs represented as words within that document. Furthermore, we extend the classic latent Dirichlet allocation model by introducing two additional factors: (1) cloud API popularity and (2) functional sensitivity. These factors are designed to capture head effects within complementary cloud APIs. Additionally, we train both a positive and a negative ELDA model using the respective positive and negative corpus sets obtained. Furthermore, complementary cloud APIs relevant to the targeted function are generated by integrating the results from both the positive and negative ELDA models. Finally, experiments were conducted on two real‐world cloud API datasets. The results demonstrate that the performance of ELDA surpasses that of the comparative methods. Sensitivity analysis of hyperparameters and case study findings further validate the effectiveness and practicality of ELDA.

ABSTRACT Continuous deployment is a significant trend in software development, yet its adoption and potential benefits within the public sector remain under‐researched. This paper examines a case study of continuous deployment implementation in a public sector project undertaken by Solita, a software development company, for a client utilizing agile methodologies. The study provides a comprehensive overview of the motivations, benefits, and challenges encountered during continuous deployment adoption. This study contributes to the growing body of knowledge on continuous deployment by providing valuable insights into its application within the public sector context, offering practical recommendations for overcoming challenges and achieving successful implementation.