Reusable Software Components Research Articles

Research Directions in Software Supply Chain Security

Reusable software libraries, frameworks, and components, such as those provided by open-source ecosystems and third-party suppliers, accelerate digital innovation. However, recent years have shown almost exponential growth in attackers leveraging these software artifacts to launch software supply chain attacks. Past well-known software supply chain attacks include the SolarWinds, log4j, and xz utils incidents. Supply chain attacks are considered to have three major attack vectors: through vulnerabilities and malware accidentally or intentionally injected into open-source and third-party dependencies/components/containers ; by infiltrating the build infrastructure during the build and deployment processes; and through targeted techniques aimed at the humans involved in software development, such as through social engineering. Plummeting trust in the software supply chain could decelerate digital innovation if the software industry reduces its use of open-source and third-party artifacts to reduce risks. This paper contains perspectives and knowledge obtained from intentional outreach with practitioners to understand their practical challenges and from extensive research efforts. We then provide an overview of current research efforts to secure the software supply chain. Finally, we propose a future research agenda to close software supply chain attack vectors and support the software industry.

A software product line approach for developing hybrid software systems

Context:Quantum computing is rapidly emerging as a transformative force in technology. We will soon increasingly encounter hybrid systems that combine quantum technology with classical software. Software engineering techniques will be required to manage the complexity of designing such systems and their reuse. Objective:This paper introduces preliminary ideas concerning developing quantum–classical software using a Software Product Line approach. Method:This approach addresses the mentioned challenges and provides a feature model and a whole process to manage variability during the design and development of hybrid quantum–classical software. The usage of this approach is illustrated and discussed using an example in the logistics domain. Results:The preliminary insights show the feasibility and suitability of applying the proposed approach to develop complex quantum–classical software. Conclusions:The main implication of this research is that it can help to manage complexity, maximize the reuse of classical and quantum software components, and deal with the highly changing technological stack in the current quantum computing field.

Portfolio Evolution Analysis for SPL Scoping: Unveiling the dynamics with dedicated time-series dashboards

Software Product Line Engineering (SPLE) is a recognized methodology for systematically developing reusable software components and tailored software products for specific market segments. A critical activity within domain engineering is SPL Scoping, aimed at profiling the SPL boundaries and fitting this market segment. Yet, this market is a moving target, which requires SPLs to be proactive in anticipating and addressing future challenges and opportunities. In this setting, rather than all the possible products potentially derived from the SPL’s Feature Model (i.e., the potential portfolio), the subset of products actually deployed is a better indicator of market adoption and customer preferences, and ultimately, of the SPL’s fitness to the market. This study characterizes the phenomenon of ‘deployed portfolio evolution’ in terms of the size and frequency of portfolio changes. We then elaborate on the advantages of utilizing this data source and the necessity for dedicated tools for Portfolio Evolution Analysis integrated within variability managers. To achieve this, we introduce the functional requirements, implementation, and architecture of PortfolioScan, a dashboard for Portfolio Evolution Analysis built on top of pure::variants. The dashboard enables the evaluation of feature usage through time-series charts such as temporal heat maps, line charts, and also a scoping-criteria comparison matrix. Evaluation results (n=13) indicate a positive perception. Practitioners also recognize the benefits of Portfolio Evolution Analysis for Testing Resource Optimization and Configuration Assistance. The ultimate goal of the study is to establish a basis for more responsive and market-oriented decision-making in SPL tasks.

Synchronized Shared Memory and Black-box Procedural Abstraction: Toward a Formal Semantics of Blech

Traditional imperative synchronous programming languages heavily rely on a strict separation between data memory and communication signals. Signals can be shared between computational units but cannot be overwritten within a synchronous reaction cycle. Memory can be destructively updated but cannot be shared between concurrent threads. This incoherence makes traditional imperative synchronous languages cumbersome for the programmer. The recent definition of sequentially constructive synchronous languages offers an improvement. It removes the separation between data memory and communication signals and unifies both through the notion of clock synchronized shared memory . However, it still depends on global causality analyses, which precludes black-box procedural abstraction. This complicates reuse and composition of software components. This article shows how black-box procedural abstraction can be accommodated inside the sequentially constructive model of computation. We present the Sequentially Constructive Procedural Language ( SCoPL ) and its semantic theory of policy-constructive synchronous processes. SCoPL supports black-box procedural abstractions using policy interfaces to ensure that procedure calls are memory-safe and wait-free and their scheduling is determinate and causal. At the same time, a policy interface constrains the level of freedom for the implementation and subsequent refactoring of a procedure. As a result, policies enable separate compilation and composition of procedures. We present our extensions abstractly as a formal semantics for SCoPL and motivate it concretely in the context of the open-source, embedded, real-time language Blech .

How Freelance Developers Embrace Software Reuse Practice? A perspective analysis using clustering techniques

The advancement of ICT technologies has modernized software development practices, thus presenting opportunities for developers to reuse software components in developing new software. These practices allow developers to use reliable reusable software components to quickly develop software. However, not much research has reported how freelance developers capitalize on these practices, despite the rapid rise of freelancing development. This research investigates how freelance developers embrace software reuse practices to achieve project success. A survey that gathers 351 responses from freelancers was analyzed using clustering techniques, revealing high levels of self-efficacy and satisfaction towards deploying software reuse practices and highlighting the need for software development firms to embrace this method.

DValidator: An approach for validating dependencies in build configurations

Reusing components is a well-established practice in modern software engineering and brings many advantages, such as a reduction of development costs and time. However, there are still several problems when reusing software components, such as the management of the dependencies of a project. Modern build systems provide dependency managers to support developers when dealing with dependencies. But even with this tool support, dependency management is an error-prone task which can lead to dependency hell if it gets out of control.In this paper, we propose DValidator, an approach that considers dependencies on project level and method call level for validating dependencies in build configurations. First, DValidator encodes a project’s dependency graph as specified in a build configuration and its call graph into a representation using Answer Set Programming (ASP). Then it uses Clingo as a solver to detect problems with the dependencies in that build configuration. In a preliminary evaluation with four open source Maven projects we show that our approach can detect selected dependency smells in less than eight seconds. Next steps concern the investigation of our approach for automatically improving dependency configurations, such as automatically repairing dependency smells and conflicts.Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.

On the outdatedness of workflows in the GitHub Actions ecosystem

GitHub Actions was introduced as a way to automate CI/CD workflows in GitHub, the largest social coding platform. Thanks to its deep integration into GitHub, GitHub Actions can be used to automate a wide range of social and technical activities. Among its main features, it allows automation workflows to rely on reusable components – the so-called Actions – to enable developers to focus on the tasks that should be automated rather than on how to automate them. As any other kind of reusable software components, Actions are continuously updated, causing many automation workflows to use outdated versions of these Actions. Based on a dataset of nearly one million workflows obtained from 22K+ repositories between November 2019 and September 2022, we provide quantitative empirical evidence that reusing Actions in GitHub workflows is common practice, even if this reuse tends to concentrate on a limited number of Actions. We show that Actions are frequently updated, and we quantify to which extent automation workflows are outdated with respect to these Actions. Using two complementary metrics, technical lag and opportunity lag, we found that most of the workflows are using an outdated Action release, are lagging behind the latest available release for at least 7 months, and had the opportunity to be updated during at least 9 months. This calls for a more rigorous management of Action outdatedness in automation workflows, as well as for better policies and tooling to keep workflows up-to-date.

A metadata driven process for assessing stability and reusability based on risk of change of software systems

AbstractMeasuring and estimating the reusability of software components are important steps toward finding reusable candidates. Reuse of software components can aid in the reduction of the development cost of new software or maintenance of existing ones. However, assessing the reusability of software is a challenging task. Even if reusable candidates can be identified, developers will need to decide on the reuse strategies, that is, reuse as it is without any modification, or introduce new changes to the reusable candidate to fulfill requirements in the new environment or releases. Thus, the stability of the reusable candidates plays a pivotal role because it will influence the ease of reuse. Assessing and predicting the stability of potential reusable candidates becomes a significant and important step in software reuse. In this research, we propose to leverage on risk of change as a proxy to measure software stability, where the latter is also a proxy measure for software reuse. Based on experiments conducted on 29 open‐source software with different sizes and application types hosted on GitHub, we found that classes with high impact and high risk of change should be avoided from being reused due to their instability, while those classes with low impact and risk of change should be given priority. The proposed work can aid in providing a better understanding of the ease of reuse for software systems and can be used as a tool to assess its overall quality.

An Architectural Pattern for Dynamic Component Integration

The continuing increase of interest in Component-based Software Engineering (CBSE) signifies the emergence of a new development trend within the software industry. CBSE deals with the usage of reusable software components to provide complex integrated solutions at shorter development time and minimum cost. This engineering approach emphasizes the identification, selection, evaluation, procurement, integration, and evolution of reusable components for constructing complex and large-scale software solutions. Component-based development approach has a great potential for significantly reducing the cost and time to market of large-scale and complex software systems, improving system maintainability and flexibility. However the usage of components imposes some problems in the development process. Especially, the complexity of the integration process is increased due to the black box nature of the products. Integration is further influenced by problems due to architectural mismatches, component incompatibility etc. Apart from these general static integration problems, necessity for intelligent services and context aware computing paves way for the dynamic integration of components. Patterns have promising benefits in solving software design problems and their benefits have been realized in the design of component integration also. Patterns exist in different levels. Architectural patterns provide the overall structure of a system; design patterns deal with localized design choices; Idioms define patterns of usage within a particular language. Design patterns express proven techniques making it possible to reuse successful designs and provide a common vocabulary to share design descriptions. Architectural patterns cover a wider realm, specifying system-wide structural properties for an application, and impacting on subsystem architecture. This report presents the study of literature related to patterns and its application in the design of component-based systems. An Architectural pattern has been proposed in this report, for the design of a component-based system that dynamically integrates components. The dynamism is achieved using a service model.

Application of Intelligent Adaptive Neuro Fuzzy Method for Reusability of Component Based Software System

Component Based Software System (CBSS) provides an easy and efficient way to develop new software application with the help of existing software components of similar functionalities. It increases the reusability of software components and reduce the development time, cost and effort of software developers. To select the appropriate component, it become essential to assess the reusability of software components so that suitable component can be selected to reuse in another application. For assessing the reusability of CBSS, several factors are required to be considered. In this paper, four reusability sub-factors Interface Complexity (IC), Understandability (Un), Customizability (Co) and Reliability (Re) are used as input variables and reusability is assessed using Fuzzy Inference System (FIS) and Adaptive Neuro Fuzzy Inference System (ANFIS) approach because these two approaches are commonly used approach for assessing the quality factors. For experimental work, one case study has been done where rules are generated to assess reusability using four different reusability factors by taking feedback from researchers and academicians using online survey. Reusability was assessed for ten different values of input variables. Experiment shows that results obtained from ANFIS method were closer to the original values. Root Mean Square Error (RMSE) of FIS results was 6.05% which was further reduced by the application of ANFIS approach and finally 2.20% of RMSE was achieved. This research work will be helpful for software developers and researchers to assess the reusability of software components and they will be able to take corrective decision for choosing the appropriate component to be reused in new software applications, which will reduce their effort, time and cost of development

Neighborhood Search Based Improved Bat Algorithm for Web Service Composition

Web services are provided as reusable software components in the services-oriented architecture. More complicated composite services can be combined from these components to satisfy the user requirements represented as a workflow with specified Quality of Service (QoS) limitations. The workflow consists of tasks where many services can be considered for each task. Searching for optimal services combination and optimizing the overall QoS limitations is a Non-deterministic Polynomial (NP)-hard problem. This work focuses on the Web Service Composition (WSC) problem and proposes a new service composition algorithm based on the micro-bats behavior while hunting the prey. The proposed algorithm determines the optimal combination of the web services to satisfy the complex user needs. It also addresses the Bat Algorithm (BA) shortcomings, such as the tradeoff among exploration and exploitation searching mechanisms, local optima, and convergence rate. The proposed enhancement includes a developed cooperative and adaptive population initialization mechanism. An elitist mechanism is utilized to address the BA convergence rate. The tradeoff between exploration and exploitation is handled through a neighborhood search mechanism. Several benchmark datasets are selected to evaluate the proposed bat algorithm’s performance. The simulation results are estimated using the average fitness value, the standard deviation of the fitness value, and an average of the execution time and compared with four bat-inspired algorithms. It is observed from the simulation results that introduced enhancement obtains significant results.

Revisiting Language Support for Generic Programming: When Genericity Is a Core Design Goal

Context: Generic programming, as defined by Stepanov, is a methodology for writing efficient and reusable algorithms by considering only the required properties of their underlying data types and operations. Generic programming has proven to be an effective means of constructing libraries of reusable software components in languages that support it. Generics-related language design choices play a major role in how conducive generic programming is in practice. Inquiry: Several mainstream programming languages (e.g. Java and C++) were first created without generics; features to support generic programming were added later, gradually. Much of the existing literature on supporting generic programming focuses thus on retrofitting generic programming into existing languages and identifying related implementation challenges. Is the programming experience significantly better, or different when programming with a language designed for generic programming without limitations from prior language design choices? Approach: We examine Magnolia, a language designed to embody generic programming. Magnolia is representative of an approach to language design rooted in algebraic specifications. We repeat a well-known experiment, where we put Magnolia's generic programming facilities under scrutiny by implementing a subset of the Boost Graph Library, and reflect on our development experience. Knowledge: We discover that the idioms identified as key features for supporting Stepanov-style generic programming in the previous studies and work on the topic do not tell a full story. We clarify which of them are more of a means to an end, rather than fundamental features for supporting generic programming. Based on the development experience with Magnolia, we identify variadics as an additional key feature for generic programming and point out limitations and challenges of genericity by property. Grounding: Our work uses a well-known framework for evaluating the generic programming facilities of a language from the literature to evaluate the algebraic approach through Magnolia, and we draw comparisons with well-known programming languages. Importance: This work gives a fresh perspective on generic programming, and clarifies what are fundamental language properties and their trade-offs when considering supporting Stepanov-style generic programming. The understanding of how to set the ground for generic programming will inform future language design.

Apriori Algorithm Based Component Classifications and Adaptation for Software Reuses

With the growth in software development, the software user expects high-quality software services with lesser time complexity. Therefore, the demand for software component based development is also increasing. In the recent past, a good number of research attempts have tried to build an automated framework for generating the recommendations for component equivalence. In software engineering and program building, reusability is the utilization of existing resources in some structure inside the product items. Adaptive software reuse products improve the life cycle of software and enhance the planning, coding, and documentation in different approaches of reusability. On the other hand, reusability can be used to meet with new software demands. Thus, the proposed novel approach to Apriori based component classifications and adaptation is used to software component reusability based on the recommendation of rule-based analysis.

A Market-Based Approach to Facilitate the Organizational Adoption of Software Component Reuse Strategies

Despite the theoretical benefits of software component reuse (and the abundance of component-based software development on the vendor side), the adoption of component reuse strategies at the organizational level (on the client side) remains low in practice. According to research, the main barrier to advancing component-based reuse strategies into a robust industrial process is coordination failure between software producers and their customers, which result in high acquisition costs for customers. We introduce a component reuse licensing model and combine it with a dynamic price discovery mechanism to better coordinate producers’ capabilities and customer needs. Using an economic experiment with 28 IT professionals, we investigate the extent to which organizations may be able to leverage component reuse for performance improvements. Our findings suggest that implementing component reuse can assist organizations in addressing the issue of coordination failure with software producers while also lowering acquisition costs. We argue that similar designs can be deployed in practice and deliver benefits to software development in organizations and the software industry.

A reference architecture for social robots

Social robotics poses tough challenges to software designers who are required to take care of difficult architectural drivers like acceptability, trust of robots as well as to guarantee that robots establish a personalized interaction with their users. Moreover, in this context recurrent software design issues such as ensuring interoperability, improving reusability and customizability of software components also arise. Designing and implementing social robotic software architectures is a time-intensive activity requiring multi-disciplinary expertise: this makes it difficult to rapidly develop, customize, and personalize robotic solutions. These challenges may be mitigated at design time by choosing certain architectural styles, implementing specific architectural patterns and using particular technologies. Leveraging on our experience in the MARIO project, in this paper we propose a series of principles that social robots may benefit from. These principles lay also the foundations for the design of a reference software architecture for social robots. The goal of this work is twofold: (i) Establishing a reference architecture whose components are unambiguously characterized by an ontology thus allowing to easily reuse them in order to implement and personalize social robots; (ii) Introducing a series of standardized software components for social robots architecture (mostly relying on ontologies and semantic technologies) to enhance interoperability, to improve explainability, and to favor rapid prototyping.

A Review of Software Components Identification Methods and Quality Assessment Criteria

Identification of suitable reusable software components from repositories and other sources is a key process in software reuse.  Many methods for components identifying exist.  However, considering the increased adoption of reuse in software projects and the need to identify appropriate components from the numerous sources based on multiple quality criteria, it becomes imperative to undertake a review of existing methods to determine their strengths and weaknesses as well as gaps in components identification.  In view of the above, this research was designed to undertake a systematic review of components identification methods in software reuse.  Research findings indicate that existing methods and automated tools were inadequate in handling components identification from multiple sources especially where multiple quality criteria are considered.  Also, findings indicate that multi-objective optimization algorithms like non-dominated sorting genetic algorithm III (NSGA-III) are capable of addressing such multidimensional problems; therefore, greater efforts in designing and developing automated tools that are based on this technique are highly recommended.  The need for adequate methods for cataloguing and categorizing components that are stored in repositories and other sources is also identified as capable of enhancing the process of components identification in software reuse.

Software component reusability prediction using extra tree classifier and enhanced Harris hawks optimization algorithm

Software component reusability prediction using extra tree classifier and enhanced Harris hawks optimization algorithm

Scout-bot: Leveraging API Community Knowledge for Exploration and Discovery of API Learning Resources


 
 
 Application Programming Interface (API) is a core technology that facilitates developers’ productivity by enabling the reuse of software components. Understanding APIs and gaining knowledge about their usage are therefore fundamental needs for developers. Here, API documentation plays a pivotal role in enabling developers to take full advantage of the benefits brought by APIs. The quality of API documentation has therefore become an important concern given the celerity and dynamics at which APIs are now being made available to users. This article aims at exploring existing research in the area of API documentation in order to identify the associated quality dimensions addressed by the literature. The research is carried out as a systematic mapping study where 103 research papers selected from the literature were reviewed and a total of 5 core quality dimensions were identified and analyzed. By focusing on the two most relevant quality dimensions (understandability and completeness), this article presents an approach to enable API users to explore, discover and learn about APIs through API topic issues discussed in Stack Overflow (SO). We demonstrate the feasibility of our approach through Scout-bot, our tool for exploration and discovery of API topic issues.
 
 

Experience in Designing for Cyber Resiliency in Embedded DoD Systems

AbstractIn DoD systems, software component reuse is highly valued, and development is rarely started from scratch. Most embedded weapon systems are a heterogeneous mixture of new, modified, and legacy components. This mixture drives an increased impetus to improve upon the existing system's model, and also creates an opportunity to assess potential cyber vulnerabilities earlier in the lifecycle. In this paper, we describe our experience in developing an experimental platform, which is a representative testbed that incorporates legacy, modified, and new components, using a process where we address cyber resiliency early in development. We give accounts of where each of the parts of our representative testbed originated, what modeling decisions we made, and how we analyzed cyber vulnerabilities. We also propose a system engineering process, based on architectural modeling of the system, which introduces analysis early in the design for cyber resiliency. We are developing an approach to use advanced tools to find vulnerabilities and to develop cyber resiliency requirements to counter those vulnerabilities. The creation of the model and documentation of cyber resiliency requirements and design decisions provide a positive impact on the system lifecycle and future integration of the system.

Software Metrics for Reusability of Component Based Software System: A Review

Component Based Software System (CBSS) have become most generalized and popular approach for developing reusable software applications. A software component has different important factors, but reusability is the most citing factor of any software component. Software components can be reused for the development of another software application, which further reduces the amount of time and effort of software development process. With the increase in the number of software components, requirement for identification of software metrics also increased for quantitative analysis of different aspects of components. Reusability depends on different factors and these factors have different impact on the reusability of software components. In this paper, study has been performed to identify the major reusability factors and software metrics for measuring those factors. From this research work, it will become easier to measure the reusability of software components, and software developers would be able to measure the degree of various features of any application which can be reused for developing other software applications. In this way, it would be easy and convenient to identify and compare the reusable software components and they could be reused in effective and efficient manner.