05 Fakultät Informatik, Elektrotechnik und Informationstechnik

Permanent URI for this collectionhttps://elib.uni-stuttgart.de/handle/11682/6

Browse

Start date: 2020Publication Type: search.filters.UBSTyp.Abschlussarbeit (Master)Institute: search.filters.UBSInstitut.Institut für Softwaretechnologie

Search Results

Now showing 1 - 10 of 12
  • Thumbnail Image
    ItemOpen Access
    Property-based testing : evaluating its applicability and effectiveness for AUTOSAR basic software
    (2020) Bose, Aparna
    Previous work has shown that Property-based Testing (PBT) can be successfully applied to testing synchronous software. For example, it has been demonstrated that PBT can be applied to testing cloud services, web services and telecoms software. But less research has been carried out to evaluate this approach to testing asynchronous code as in automotive software. In the work presented in this Master thesis, the data generation feature of PBT is exploited to test the functionality of a software module based on the AUTOSAR Adaptive Platform. Properties are defined considering the system as a black-box targeting its functionality on an abstract level. First, we apply stateless properties to test a single functionality and thereby find the communication delay needed to incorporate in our testing at system level. Later, we implement a test infrastructure based on stateful properties using the Python tool Hypothesis for the demonstration of research based on PBT. The testing framework is interfaced with the runtime environment to integrate the former with the system being tested. The test inputs generated in this approach are evaluated for their effectiveness and efficiency in testing the software module under test. Finally, experts in the testing field have been interviewed to draw comparisons between PBT and traditional methods of testing.
  • Thumbnail Image
    ItemOpen Access
    Using software-performance-antipatterns and profiling traces to perform code-refactorings
    (2020) Stadelmaier, Niko
    Today, usability, user satisfaction, as well as enterprise adoption of a software application, are highly influenced by the performance of the software application. Therefore, it is required to resolve performance issues as early as possible during the development of the software. Many issues can be resolved during the planning and design phase by integrating a model-based antipattern detection. Such approaches can be easily integrated with continuous development and integration pipelines, which are often used in modern software development following an agile development methodology. The focus of this thesis is to develop an approach that can automatically detect performance antipatterns and suggest refactorings for the found problems. In contrast to model-based approaches, the intention is to detect the problems on the code-level. To tackle the problem, we make use of profiling traces that record the execution of an application. After the initial research on antipatterns in Go, we introduce the identified code-based antipatterns. We then present the benchmark application, where we implemented the problems. This benchmark is then used to generate the profile traces. Now, we analyze how the problems can be detected in the profiles. We then extract our novel code- and profile-patterns from the profiling information. These patterns are then used by our detection tool to identify the problems in the profiles and suggest the respective refactorings. Our results show that our approach can automatically detect performance antipatterns in the profiling data. However, more tests need to be conducted to conclude if the approach can detect antipatterns in the data of other systems.
  • Thumbnail Image
    ItemOpen Access
    Java interface for secure crypto config
    (2020) Teis, Lisa-Marie
    Context: Cryptography is mainly considered in the field of information security for the protection of digital data. But the right selection of a secure set of cryptographic algorithms and parameters can be difficult. Another problem is that provided cryptographic Application Programming Interface (API)s cannot change their default configurations, meaning that they get insecure over time. Aim: The general aim is to create a cryptographic library that allows developers to easily use secure default configurations. Such a library should realize all security-relevant details internally by safe default configurations, which are adapting to changing security standards. To achieve this goal the Secure Crypto Config (SCC) can be used which ensures security, usability, maintainability and up- /downward compatibility. Method: First, a draft for a future standardized Request for comments (RFC) was created. In addition, a sample implementation for the corresponding API in Java was developed. This implementation was evaluated by conducting a study that consists of live programming tasks and online questionnaires. The study should compare the Secure Crypto Config Interface (SCCI) with the standard cryptographic libraries of the Java Development Kit (JDK) and Google Tink. Result: The evaluation has shown that the SCCI is more usable than JDK and Google Tink. By considering the number of security bugs the SCCI is also more secure than JDK. Unfortunately, there was no significant result by comparing the security of the SCCI and Google Tink. Furthermore, no significant difference in the maintainability between the SCCI and the other libraries could be shown. In terms of security and maintainability the SCCI was not significantly better according to statistical tests, nevertheless there are fewer security bugs with the usage of the SCCI. Conclusion: The SCCI is a future-proof alternative to other cryptographic libraries as it has proven to be both more usable and more secure than other implementations. In the next steps, it is now necessary to drive the standardization process forward. Furthermore, implementations in other languages must follow.
  • Thumbnail Image
    ItemOpen Access
    Conception, design and development of an efficient End-to-End test automation of an automotive Measurement, Calibration and Diagnostics (MCD) system
    (2021) Bhingaradiya, Shyamkumar Dhirajlal
    System Testing is an important phase to assure quality of MCD Software Solutions. It involves verification of acquiring accurate, timely, loss free measurement data from different Electronic Control Unit (ECU)s and Sensors using the software, process them and calibrate the ECUs as needed. System test simulates the exact scenario of the use case of an end user. It includes hardware and software together, which forms System Under Test (SUT). Functional correctness is bare minimum and default objective of system testing. This thesis is beyond the functional correctness of the software. The challenges of such software and systems include but not limited to high frequency measurements, acquire from multiple sources of data, hybrid communication protocols, hardware with real-time embedded software, etc. To achieve high quality deliverables to end users, rigors tests are performed to identify and fix any defects and performance deficiencies. This involves pushing the software to perform under high load, fast and mixed data acquisition rates and protocols, extended duration, etc. Such tests assure defect-free, meeting performance characteristics (Non-functional) and efficient software with acceptable degree of endurance and robustness. The challenge to realize this involves verifying high volume of data in a short span of time. At times, it is expected that verification process consumes no time greater than the measurement time. Hence, the verification should happen in parallel to measurements with the maximum utilization of the system infrastructure round the clock without affecting the performance of the test. Additionally, it also demands that tests run 24x7 with no manual intervention in its preparation and execution phase. Any changes in hardware, software or the firmware need regression testing to ensure the same performance characteristics and quality of the system, which needs the implementation of continuous testing using the Continuous Integration (CI)/ Continuous Deployment (CD) pipelines. Also, there are lots of combinations of test cases, under which the test must be performed. A generic and operating system (Windows and Linux) independent approach is desired. Keywords: End-to-End Automation, Continuous Testing, MCD, System Testing, Functional and Non-functional tests, Measurement Data Format (MDF) Verification
  • Thumbnail Image
    ItemOpen Access
    Crunch time in software development: a theory
    (2020) Jozin, Ruzica
    Die meisten Unternehmen versuchen jedes Projekt erfolgreich zu managen und abzuschließen. Um dies sicherzustellen, wird ein gutes Projektmanagement sowie der Einsatz der Mitarbeiter erfordert. Jedoch läuft jedes Projekt individuell und nicht immer nach Plan. Dadurch kommt es zu Zeitplanverzögerungen oder auch scheitern eines Projekts. Aus diesen Gründen entstehen öfter unerwartete Kosten oder stressige Phasen während des Projekts, was zur beeinträchtigung der Mitarbeiter führen kann. Um das Projekt dennoch erfolgreich zu beenden, ist es notwendig „Crunch Time“ Phasen einzuführen, damit die verlorene Zeit sowie nicht erbrachte Leistungen aufgeholt werden können. Das Ziel dieser Masterarbeit ist es herauszufinden, wie sich solche „Crunch Time“ Phasen auf die Personen in der Softwareentwicklung auswirkt und welche Bedeutung Stress und Zeitdruck im gegensatz zu „Crunch Time“ hat. Zur Beantwortung der Forschungsfragen wurde ein persönliches Interview mit Personen aus 3 Unternehmen durchgeführt, die an der Softwareentwicklung beteiligt waren. Die Antworten auf die Interviewfragen zeigen, dass „Crunch Time“ Teil der Softwareentwicklung ist und dass die Begriffe Stress und Zeitdruck unterschiedlich eingegrenzt und interpretiert werden können.
  • Thumbnail Image
    ItemOpen Access
    Generation of reinforcement learning environments from machine-tool descriptions
    (2021) Krimstein, Viktor
    Due to the ever-increasing amount of available data, the technological advances for its processing, and in the context of Industry 4.0, research and industry are focusing on creating increasingly detailed digital twins. These aspire to transfer all the capabilities and attributes of their physical counterparts into the digital world. Digital Twins enable simulations of real production and manufacturing processes to be carried out, new approaches to be tested and, in turn, innovative conclusions to be drawn without having to take the risks that costly machines entail. In parallel, approaches from the fields of machine learning, artificial intelligence and reinforcement learning are finding continuously more applications in the manufacturing and robotics domains. Especially in the latter, OpenAI researchers achieved a breakthrough, namely the construction of a neural network that was trained to solve a Rubik’s cube by a robotic hand using reinforcement learning. For the implementation, appropriate simulation environments were used, in which the agent responsible for controlling the robotic arm could train and learn for an enormous amount of times in the simulation. However, the highly heterogeneous environment in the production environment makes it difficult to integrate reinforcement learning methodologies and create the necessary simulations. Researchers must spend a severe amount of their time implementing interfaces for specific machine-tool related components rather than working on the actual problem. It is exactly this issue that this thesis addresses. The goal of this master thesis is the empirical development of a methodology for the automatic generation of reinforcement learning simulation environments for machine-tools. Within the scope of the thesis, different requirements shall be collected by interviewing domain experts as potential end users, generalized and transferred into a software concept. Furthermore, the possibility of deducing and abstracting state and action spaces for reinforcement learning environments and agents from a given machine-tool description is to be investigated within the scope of this work. In addition, the concept to be developed should be machine-tool and platform-agnostic, as well as modular, so that subsequent research can be conducted upon the presented concept.
  • Thumbnail Image
    ItemOpen Access
    Experimental investigation of the consequences of expected source code understandability
    (2020) Merz, Lasse
    Understanding program code represents an essential part of most developers’ work. Any maintenance task requires the comprehension of the corresponding code as a first step. For that reason, software companies pay close attention to the quality of their codebase. It has become a standard to incorporate static analysis tools in the software process in order to automatically identify code smells and help developers to improve their code. However, the majority of metrics that are used in static analysis tools lack empirical evidence. We do not know how these unvalidated metrics influence the cognitive process of developers in regard to program comprehension. In this work, we investigate the consequences of presenting different understandability values to developers prior to them inspecting a code snippet. We analyze to what extent this understandability metric impacts the expectations, motivation, and affective states of programmers. To this end, we conduct an experiment through an online survey with 81 developers randomly assigned to one of three treatment groups with different presented understandability values. Before and after the task of judging the understandability of a code snippet, participants have to report their expectations, motivation, and affective state with regard to understanding the code snippet. In addition, two code snippets are used to evaluate differences in perception, motivation, affect, and understandability judgment as a result of the actual difficulty of the code snippets. Our findings show no significant effect for expectations, motivation nor affective states as a consequence of the presented understandability value. However, we observe a significant positive linear relationship with expectations explaining 18.3% of the variance of motivation at an alpha level of 0.0056 with a large effect. Similarly, differences between expectations of understanding the code snippet before seeing it and the perception of understanding it afterwards demonstrate the same significant positive relationship with motivation difference. Our results show an even larger correlation between expectation to perception difference with a happiness difference of participants, indicating that being positively surprised by understanding a code snippet corresponds with increased motivation and happiness. Lastly, presenting programmers’ different understandability values does not influence the assessment of the code snippet. Generalization of these results is limited by the use of small code snippets of 20 to 30 lines of code. Furthermore, expectation and motivation are measured through a self-created and therefore unvalidated instrument. The results showcase the importance of managing expectations in order to increase motivation and affect of developers. Additionally, contrasting to prior work understandability metrics seem to not pose a threat of biasing programmers in their expectations towards and assessment of source code.
  • Thumbnail Image
    ItemOpen Access
    Factors leading to retention and organizational turnover in software engineering : a conceptual model
    (2020) Gürtler, Matthias
    Since several years the software engineering industry is facing high financial and intellectual loss due to employees frequently leaving the companies. Therefore it is important to understand the reasons and intentions of employees to counteract these factors and foster retention. There is a certain body of knowledge regarding retention and turnover from other domains, however the knowledge regarding software engineering is rather limited. This thesis proposes a conceptual model for turnover in the IT domain. It is based on knowledge collected in a comprehensive snowball literature research based on a tentative start set of papers from several domains. The model was then tested in the perspective of a company that is known as a good place to work by conducting an explorative questionnaire case study with several employees of said company. The results of the survey showed some support of the propositions, but there is no statistically significant evidence of the relationship between the factors and turnover or retention mainly because of the small size of the population sample. Nevertheless, several insights could be gained from the survey results, such as identifying social support as one of the most important personal aspects for many participants. These findings led to a revision of the model to better reflect the situation perceived from the survey results. This revised model requires another study to support it, though. Based on the findings of the study, the thesis closes with some suggestions regarding future research in the context of this project.
  • Thumbnail Image
    ItemOpen Access
    Experimentelle Untersuchung des Placeboeffekts beim Verstehen von Quellcode
    (2020) Preikschat, Andreas
    Hintergrund: Softwaremetriken zur Messung von Komplexität sind fester Bestandteil der Softwaretechnik. Metriken werden zum Beispiel verwendet, um die Komplexität von Quellcode zu quantifizieren, viele dieser Metriken sind jedoch nicht ausreichend validiert. In der Softwaretechnik sind Placeboeffekte – nach unserem Wissen – bisher nicht untersucht. Außerhalb der Softwaretechnik sind sie in einer Vielzahl von Kontexten bekannt und können sich zum Beispiel auf Kognition auswirken. Es ist ungeklärt, ob nicht ausreichend validierte Metriken durch Placeboeffekte einen Einfluss auf Kognition von Softwareentwicklern haben. Ziel: In dieser Arbeit untersuchen wir den Einfluss von nicht validierten Softwaremetriken im Kontext von Placeboeffekten beim Verstehen von Quellcode in Hinblick auf das Codeverständnis von Softwareentwicklern. Methode: Wir führen ein doppelt-blindes Experiment mit 45 Teilnehmern, einer unabhängigen Variable und zwei Treatment-Gruppen durch. Teilnehmer müssen Java-Methoden verstehen und Rückgabewerte berechnen. Als Treatment wird jeder Gruppe eine andere Bewertung der Verständlichkeit, in Form einer manipulierten Metrik, präsentiert. Wir untersuchen, welchen Einfluss eine manipulierte Metrik auf die subjektive Wahrnehmung hat (RQ1) und, ob die Manipulation einen Einfluss auf das Codeverständnis hat (RQ2). Weiter untersuchen wir explorativ, welche individuellen Charakteristiken dabei eine Rolle spielen (RQ3). Ergebnisse: Die beiden Gruppen haben identische Java-Methoden signifikant unterschiedlich bewertet (RQ1). Die Gruppen waren bezüglich ihres Codeverständnisses nicht signifikant unterschiedlich (RQ2). In der explorativen Analyse wurde eine Korrelation mit dem Grad, mit dem Teilnehmer sich an den vorgegebenen Metrikwert gehalten haben, und dem individuellen Charakteristikum „Ängstlichkeit“ gefunden (RQ3). Limitationen: Um einen möglichen starken Placeboeffekt zu erreichen, haben wir die Metrik sehr prominent platziert und beworben, in Entwicklungsumgebungen ist dies meistens nicht der Fall. Schlussfolgerung: Diese Arbeit zeigt, dass Verankerung durch Softwaremetriken möglich ist und bei Experimenten, die Teilnehmer nach einer subjektiven Bewertung fragen, darauf geachtet werden sollte, dass Teilnehmer nicht durch angezeigte Metriken in ihrer Bewertung verankert werden. In der Praxis könnte sich dies beispielsweise bei Aufwandsschätzungen unter Zuhilfenahme von Metriken zeigen.
  • Thumbnail Image
    ItemOpen Access
    Collection telemetry data for a static code analysis tool in a data protection compliant way
    (2021) Wang, Xusong
    Mit der rasanten Entwicklung der Informatik und der langfristigen Entwicklung von Softwarediensten sammeln und analysieren viele Softwareunternehmen routinemäßig Telemetriedaten von Benutzern, um die Benutzererfahrung zu verbessern. Das gilt auch für uns. Um die Leistung eines statischen Code-Analyse-Tools zu verbessern, ist es konstruktiv, Tool-Entwicklern Verständlichkeit und Feedback zu entsprechenden Vorgängen zu bieten. Die Erfassung von Telemetriedaten kann jedoch die Benutzererfahrung verbessern und birgt auch offensichtliche Risiken für die Privatsphäre des Benutzers. Zunächst haben wir Hintergrundwissen und Vorschriften zum Schutz der Privatsphäre bereitgestellt. Mit Unterstützung der Methodik haben wir schrittweise eine Top-Down-Datenschutzanalysemethode STPA-Priv angewendet, um das Datenschutzrisiko der Telemetriefunktion zu bewerten. Die Anwendung von STPA-Priv zeigt seine Flexibilität und Praktikabilität in sozio-technologischen Szenarien. Anschließend haben wir ein Telemetriedatensystem für den Rückkopplungskanal eines statischen Code-Analyse-Tools entwickelt. Wir haben während dieses Prozesses verschiedene Verschlüsselungsschemata diskutiert und verglichen und schließlich ein hybrides Verschlüsselungsschema von RSA und AES ermittelt. Danach haben wir eine abstrakte Codedarstellung vorgeschlagen, einen abstrakten Syntaxbaum, der die Privatsphäre schützt und die geistigen Eigentumsrechte des Quellcodes garantiert. Schließlich haben wir den Prototyp des Telemetriekanals in der Praxis fertiggestellt und getestet. Die experimentellen Ergebnisse zeigten, dass der für statische Code-Analyse-Tools entwickelte Feedback-Kanal die Nützlichkeit von Daten auf der Grundlage des Schutzes der Benutzerdatensicherheit garantiert.