05 Fakultät Informatik, Elektrotechnik und Informationstechnik

Permanent URI for this collectionhttps://elib.uni-stuttgart.de/handle/11682/6

Browse

Institute: search.filters.UBSInstitut.Institut für SoftwaretechnologiePublication Type: search.filters.UBSTyp.Preprint

Search Results

Now showing 1 - 5 of 5
  • Thumbnail Image
    ItemOpen Access
    An industrial case study on the evaluation of a safety engineering approach for software-intensive systems in the automotive domain
    (2016) Abdulkhaleq, Asim; Vöst, Sebastian; Wagner, Stefan; Thomas, John
    Safety remains one of the essential and vital aspects in today's automotive systems. These systems, however, become ever more complex and dependent on software which is responsible for most of their critical functions. Therefore, the software components need to be analysed and verified appropriately in the context of software safety. The complexity of software systems makes defining software safety requirements with traditional safety analysis techniques difficult. A new technique called STPA (Systems-Theoretic Process Analysis) based on system and control theory has been developed by Leveson to cope with complex systems. Based on STPA, we have developed a comprehensive software safety engineering approach in which the software and safety engineers integrate the analysis of software risks with their verification to recognize the software-related hazards and reduce the risks to a low level. In this paper, we explore and evaluate the application of our approach to a real industrial system in the automotive domain. The case study was conducted analysing the software controller of the Active Cruise Control System (ACC) of the BMW Group.
  • Thumbnail Image
    ItemOpen Access
    An automatic safety-based test case generation approach based on systems-theoretic process analysis
    (2016) Abdulkhaleq, Asim; Wagner, Stefan
    Software safety remains one of the essential and vital aspects in today’s systems. Software is becoming responsible for most of the critical functions of systems. Therefore, the software components in the systems need to be tested extensively against their safety requirements to ensure a high level of system safety. However, performing testing exhaustively to test all software behaviours is impossible. Numerous testing approaches exist. However, they do not directly concern the information derived during the safety analysis. STPA (Systems-Theoretic Process Analysis) is a unique safety analysis approach based on system and control theory, and was developed to identify unsafe scenarios of a complex system including software. In this paper, we present a testing approach based on STPA to automatically generate test cases from the STPA safety analysis results to help software and safety engineers to recognize and reduce the associated software risks. We also provide an open-source safety-based testing tool called STPA TCGenerator to support the proposed approach. We illustrate the proposed approach with a prototype of a software of the Adaptive Cruise Control System (ACC) with a stop-and-go function with a Lego-Mindstorms EV3 robot.
  • Thumbnail Image
    ItemOpen Access
    Naming the pain in requirements engineering: a design for a global family of surveys and first results from Germany
    (2015) Méndez Fernández, Daniel; Wagner, Stefan
    Context: For many years, we have observed industry struggling in defining a high quality requirements engineering (RE) and researchers trying to understand industrial expectations and problems. Although we are investigating the discipline with a plethora of empirical studies, they still do not allow for empirical generalisations. Objective: To lay an empirical and externally valid foundation about the state of the practice in RE, we aim at a series of open and reproducible surveys that allow us to steer future research in a problem-driven manner. Method: We designed a globally distributed family of surveys in joint collaborations with different researchers and completed the first run in Germany. The instrument is based on a theory in the form of a set of hypotheses inferred from our experiences and available studies. We test each hypothesis in our theory and identify further candidates to extend the theory by correlation and Grounded Theory analysis. Results: In this article, we report on the design of the family of surveys, its underlying theory, and the full results obtained from Germany with participants from 58 companies. The results reveal, for example, a tendency to improve RE via internally defined qualitative methods rather than relying on normative approaches like CMMI. We also discovered various RE problems that are statistically significant in practice. For instance, we could corroborate communication flaws or moving targets as problems in practice. Our results are not yet fully representative but already give first insights into current practices and problems in RE, and they allow us to draw lessons learnt for future replications. Conclusion: Our results obtained from this first run in Germany make us confident that the survey design and instrument are well-suited to be replicated and, thereby, to create a generalisable empirical basis of RE in practice.
  • Thumbnail Image
    ItemOpen Access
    Introduction of static quality analysis in small- and medium-sized software enterprises: experiences from technology transfer
    (2014) Gleirscher, Mario; Golubitskiy, Dmitriy; Irlbeck, Maximilian; Wagner, Stefan
    Today, small- and medium-sized enterprises (SMEs) in the software industry face major challenges. Their resource constraints require high efficiency in development. Furthermore, quality assurance (QA) measures need to be taken to mitigate the risk of additional, expensive effort for bug fixes or compensations. Automated static analysis (ASA) can reduce this risk because it promises low application effort. SMEs seem to take little advantage of this opportunity. Instead, they still mainly rely on the dynamic analysis approach of software testing. In this article, we report on our experiences from a technology transfer project. Our aim was to evaluate the results static analysis can provide for SMEs as well as the problems that occur when introducing and using static analysis in SMEs. We analysed five software projects from five collaborating SMEs using three different ASA techniques: code clone detection, bug pattern detection and architecture conformance analysis. Following the analysis, we applied a quality model to aggregate and evaluate the results. Our study shows that the effort required to introduce ASA techniques in SMEs is small (mostly below one person-hour each). Furthermore, we encountered only few technical problems. By means of the analyses, we could detect multiple defects in production code. The participating companies perceived the analysis results to be a helpful addition to their current QA and will include the analyses in their QA process. With the help of the Quamoco quality model, we could efficiently aggregate and rate static analysis results. However, we also encountered a partial mismatch with the opinions of the SMEs. We conclude that ASA and quality models can be a valuable and affordable addition to the QA process of SMEs.
  • Thumbnail Image
    ItemOpen Access
    At ease with your warnings: the principles of the salutogenesis model applied to automatic static analysis
    (2016) Ostberg, Jan-Peter; Wagner, Stefan
    The results of an automatic static analysis run can be overwhelming, especially for beginners. The overflow of information and the resulting need for many decisions is mentally tiring and can cause stress symptoms. There are several models in health care which are designed to fight stress. One of these is the salutogenesis model created by Aaron Antonovsky. In this paper, we will present an idea on how to transfer this model into a triage and recommendation model for static analysis tools and give an example of how this can be implemented in FindBugs, a static analysis tool for Java.