References of "Briand, Lionel 50001049"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailMiL Testing of Highly Configurable Continuous Controllers: Scalable Search Using Surrogate Models
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL et al

in International Conference on Automated Software Engineering (ASE 2014) (2014, September)

Continuous controllers have been widely used in automotive do- main to monitor and control physical components. These con- trollers are subject to three rounds of testing: Model-in-the-Loop (MiL ... [more ▼]

Continuous controllers have been widely used in automotive do- main to monitor and control physical components. These con- trollers are subject to three rounds of testing: Model-in-the-Loop (MiL), Software-in-the-Loop and Hardware-in-the-Loop. In our earlier work, we used meta-heuristic search to automate MiL test- ing of fixed configurations of continuous controllers. In this paper, we extend our work to support MiL testing of all feasible configura- tions of continuous controllers. Specifically, we use a combination of dimensionality reduction and surrogate modeling techniques to scale our earlier MiL testing approach to large, multi-dimensional input spaces formed by configuration parameters. We evaluated our approach by applying it to a complex, industrial continuous controller. Our experiment shows that our approach identifies test cases indicating requirements violations. Further, we demonstrate that dimensionally reduction helps generate surrogate models with higher prediction accuracy. Finally, we show that combining our search algorithm with surrogate modelling improves its efficiency for two out of three requirements. [less ▲]

Detailed reference viewed: 237 (57 UL)
Full Text
Peer Reviewed
See detailCoCoTest: A Tool for Model-in-the-Loop Testing of Continuous Controller
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL et al

in International Conference on Automated Software Engineering (ASE 2014) (2014, September)

We present CoCoTest, a tool for automated testing of continuous controllers at the Model-in-the-Loop stage. CoCoTest combines explorative and exploitative search algorithms to identify scenar- ios in the ... [more ▼]

We present CoCoTest, a tool for automated testing of continuous controllers at the Model-in-the-Loop stage. CoCoTest combines explorative and exploitative search algorithms to identify scenar- ios in the controller input space that violate or are likely to violate the controller requirements. This enables a scalable and systematic way to test continuous properties of such controllers. Our experi- ments show that CoCoTest identifies critical flaws in the controller design that are rarely found by manual testing and go unnoticed until late stages of embedded software system development. [less ▲]

Detailed reference viewed: 191 (31 UL)
Full Text
Peer Reviewed
See detailWorst-case Scheduling of Software Tasks: A Constraint Optimization Model to Support Performance Testing
Di Alesio, Stefano UL; Nejati, Shiva UL; Briand, Lionel UL et al

in International Conference on Principles and Practice of Constraint Programming (2014, September)

Detailed reference viewed: 131 (12 UL)
Full Text
Peer Reviewed
See detailAutomated Detection and Resolution of Legal Cross References: Approach and a Study of Luxembourg's Legislation
Adedjouma, Morayo UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in 22nd IEEE International Requirements Engineering Conference (2014, August 25)

Detailed reference viewed: 174 (25 UL)
Full Text
Peer Reviewed
See detailRequirement Boilerplates: Transition From Manually-Enforced to Automatically-Verifiable Natural Language Patterns
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in Requirements Patterns (RePa), 2014 IEEE 4th International Workshop on (2014, August)

By enforcing predefined linguistic patterns on requirements statements, boilerplates serve as an effective tool for mitigating ambiguities and making Natural Language requirements more amenable to ... [more ▼]

By enforcing predefined linguistic patterns on requirements statements, boilerplates serve as an effective tool for mitigating ambiguities and making Natural Language requirements more amenable to automation. For a boilerplate to be effective, one needs to check whether the boilerplate has been properly applied. This should preferably be done automatically, as manual checking of conformance to a boilerplate can be laborious and error prone. In this paper, we present insights into building an automatic solution for checking conformance to requirement boilerplates using Natural Language Processing (NLP). We present a generalizable method for casting requirement boilerplates into automated NLP pattern matchers and reflect on our practical experience implementing automated checkers for two well-known boilerplates in the RE community. We further highlight the use of NLP for identification of several problematic syntactic constructs in requirements which can lead to ambiguities. [less ▲]

Detailed reference viewed: 218 (29 UL)
Full Text
Peer Reviewed
See detailEmpirical Evaluations on the Cost-Effectiveness of State-Based Testing: An Industrial Case Study
Holt, Nina; Briand, Lionel UL; Torkar, Richard

in Information & Software Technology (2014), 56(8), 890910

Detailed reference viewed: 121 (13 UL)
Full Text
Peer Reviewed
See detailAutomated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Appelt, Dennis UL; Nguyen, Duy Cu UL; Briand, Lionel UL et al

in Proc. of the International Symposium on Software Testing and Analysis 2014 (2014, July 21)

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of ... [more ▼]

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of attacks and exploitations like the Web. Among the attacks, those that target SQL injection vulnerabilities have consistently been top-ranked for the last years. Testing to detect such vulnerabilities before making web services public is crucial. We present in this paper an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach is effective to detect SQL injection vulnerabilities and to produce inputs that bypass application firewalls, which is a common configuration in real world. [less ▲]

Detailed reference viewed: 446 (34 UL)
Full Text
Peer Reviewed
See detailAn Extended Systematic Literature Review on Provision of Evidence for Safety Certification
Nair, Sunil; de la Vara, Jose Luis; Sabetzadeh, Mehrdad UL et al

in Information & Software Technology (2014), 56(7), 689717

Detailed reference viewed: 184 (14 UL)
Full Text
Peer Reviewed
See detailOCLR: a More Expressive, Pattern-based Temporal Extension of OCL
Dou, Wei UL; Bianculli, Domenico UL; Briand, Lionel UL

in Proceedings of the 2014 European Conference on Modelling Foundations and Applications (ECMFA 2014) (2014, July)

Detailed reference viewed: 163 (22 UL)
Full Text
Peer Reviewed
See detailIdentifying Optimal Trade-Offs between CPU Time Usage and Temporal Constraints Using Search
Nejati, Shiva UL; Briand, Lionel UL

in International Symposium on Software Testing and Analysis (ISSTA 2014) (2014, July)

Integration of software from different sources is a critical activity in many embedded systems across most industry sectors. Software integrators are responsible for producing reliable systems that ... [more ▼]

Integration of software from different sources is a critical activity in many embedded systems across most industry sectors. Software integrators are responsible for producing reliable systems that fulfill various functional and performance requirements. In many situations, these requirements inversely impact one another. In particular, embedded system integrators often need to make compromises regarding some of the functional system properties to optimize the use of various resources, such as CPU time. In this paper, motivated by challenges faced by industry, we introduce a multi-objective decision support approach to help balance the minimization of CPU time usage and the satisfaction of temporal constraints in automotive systems. We develop a multi-objective, search-based optimization algorithm, specifically designed to work for large search spaces, to identify optimal trade-off solutions fulfilling these two objectives. We evaluated our algorithm by applying it to a large automotive system. Our results show that our algorithm can find solutions that are very close to the estimated ideal optimal values, and further, it finds significantly better solutions than a random strategy while being faster. Finally, our approach efficiently identifies a large number of diverse solutions, helping domain experts and other stakeholders negotiate the solutions to reach an agreement. [less ▲]

Detailed reference viewed: 188 (30 UL)
Full Text
Peer Reviewed
See detailArchitecture-Level Configuration of Large-Scale Embedded Software Systems
Behjati, Razieh; Nejati, Shiva UL; Briand, Lionel UL

in ACM Transactions on Software Engineering & Methodology (2014), 23(3),

Configuration in the domain of integrated control systems (ICS) is largely manual, laborious, and error-prone. In this paper, we propose a model-based configuration approach that provides automation ... [more ▼]

Configuration in the domain of integrated control systems (ICS) is largely manual, laborious, and error-prone. In this paper, we propose a model-based configuration approach that provides automation support for reducing configuration effort and the likelihood of configuration errors in the ICS domain. We ground our approach on componentbased specifications of ICS families. We then develop a configuration algorithm using constraint satisfaction techniques over finite domains to generate products that are consistent with respect to their ICS family specifications. We reason about the termination and consistency of our configuration algorithm analytically. We evaluate the effectiveness of our configuration approach by applying it to a real subsea oil production system. Specifically, we have rebuilt a number of existing verified product configurations of our industry partner. Our experience shows that our approach can automatically infer up to 50% of the configuration decisions, and reduces the complexity of making configuration decisions. [less ▲]

Detailed reference viewed: 203 (35 UL)
Full Text
See detailInsights and Lessons Learned from Analyzing ICSE 2014 Survey and Review Data
Briand, Lionel UL; van der Hoek, André

Report (2014)

Detailed reference viewed: 3020 (43 UL)
Full Text
See detailA Model-Driven Approach to Offline Trace Checking of Temporal Properties with OCL
Dou, Wei UL; Bianculli, Domenico UL; Briand, Lionel UL

Report (2014)

Offline trace checking is a procedure for evaluating requirements over a log of events produced by a system. The goal of this paper is to present a practical and scalable solution for the offline checking ... [more ▼]

Offline trace checking is a procedure for evaluating requirements over a log of events produced by a system. The goal of this paper is to present a practical and scalable solution for the offline checking of the temporal requirements of a system, which can be used in contexts where model-driven engineering is already a practice, where temporal specifications should be written in a domain-specific language not requiring a strong mathematical background, and where relying on standards and industry-strength tools for property checking is a fundamental prerequisite. The main contributions are: the TemPsy language, a domain-specific specification language based on common property specification patterns, and extended with new constructs; a model-driven offline trace checking procedure based on the mapping of requirements written in TemPsy into OCL (Object Constraint Language) constraints on a conceptual model on execution traces, which can be evaluated using an OCL checker; the implementation of this trace checking procedure in the TemPsy-Check tool; the evaluation of the scalability of TemPsy-Check and its comparison to a state-of-the-art alternative technology. The proposed approach has been applied to a case study developed in collaboration with a public service organization, active in the domain of business process modeling for eGovernment. [less ▲]

Detailed reference viewed: 453 (128 UL)
Full Text
Peer Reviewed
See detailApplying UML/MARTE on industrial projects: challenges, experiences, and guidelines
Iqbal, Zohaib; Ali, Shaukat; Yue, Tao et al

in Software & Systems Modeling (2014)

Detailed reference viewed: 232 (16 UL)
Full Text
Peer Reviewed
See detailTraceability and SysML Design Slices to Support Safety Inspections: A Controlled Experiment
Briand, Lionel UL; Falessi, Davide; Nejati, Shiva UL et al

in ACM Transactions on Software Engineering & Methodology (2014), 23(1),

Detailed reference viewed: 212 (49 UL)
Full Text
See detailOCLR: a More Expressive, Pattern-based Temporal Extension of OCL
Dou, Wei UL; Bianculli, Domenico UL; Briand, Lionel UL

Report (2014)

Modern enterprise information systems often require to specify their functional and non-functional (e.g., Quality of Service) requirements using expressions that contain temporal constraints ... [more ▼]

Modern enterprise information systems often require to specify their functional and non-functional (e.g., Quality of Service) requirements using expressions that contain temporal constraints. Specification approaches based on temporal logics demand a certain knowledge of mathematical logic, which is difficult to find among practitioners; moreover, tool support for temporal logics is limited. On the other hand, a standard language such as the Object Constraint Language (OCL), which benefits from the availability of several industrial-strength tools, does not support temporal expressions. In this paper we propose OCLR, an extension of OCL with support for temporal constraints based on well-known property specification patterns. With respect to previous extensions, we add support for referring to a specific occurrence of an event as well as for indicating a time distance between events and/or scope boundaries. The proposed extension defines a new syntax, very close to natural language, paving the way for a rapid adoption by practitioners. We show the application of the language in a case study in the domain of eGovernment, developed in collaboration with a public service partner. [less ▲]

Detailed reference viewed: 287 (87 UL)
Full Text
See detailBlack-box SQL Injection Testing
Appelt, Dennis UL; Alshahwan, Nadia UL; Nguyen, Duy Cu UL et al

Report (2014)

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of ... [more ▼]

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of attacks and exploitations like the Web. Among the attacks, those that target SQL injection vulnerabilities have consistently been top-ranked for the last years. Testing to detect such vulnerabilities before making web services public is crucial. We present in this report an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach outperforms contemporary known attacks in terms of vulnerability detection and the ability to get through an application firewall, which is a popular configuration in real world. [less ▲]

Detailed reference viewed: 664 (59 UL)
Full Text
Peer Reviewed
See detailModel-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel UL et al

in 14th Annual International Conference on Quality Software (QSIC) (2014)

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach ... [more ▼]

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness. [less ▲]

Detailed reference viewed: 106 (1 UL)
Full Text
Peer Reviewed
See detailUsing UML for Modeling Procedural Legal Rules: Approach and a Study of Luxembourg’s Tax Law
Soltana, Ghanem UL; Fourneret, Elizabeta; Adedjouma, Morayo UL et al

in 17th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems (MODELS'14) (2014)

Many laws, e.g., those concerning taxes and social benefits, need to be operationalized and implemented into public administration procedures and eGovernment applications. Where such operationalization is ... [more ▼]

Many laws, e.g., those concerning taxes and social benefits, need to be operationalized and implemented into public administration procedures and eGovernment applications. Where such operationalization is warranted, the legal frameworks that interpret the underlying laws are typically prescriptive, providing procedural rules for ensuring legal compliance. We propose a UML-based approach for modeling pro- cedural legal rules. With help from legal experts, we investigate actual legal texts, identifying both the information needs and sources of com- plexity in the formalization of procedural legal rules. Building on this study, we develop a UML profile that enables more precise modeling of such legal rules. To be able to use logic-based tools for compliance analysis, we automatically transform models of procedural legal rules into the Object Constraint Language (OCL). We report on an application of our approach to Luxembourg’s Income Tax Law providing initial evidence for the feasibility and usefulness of our approach. [less ▲]

Detailed reference viewed: 253 (72 UL)
Full Text
Peer Reviewed
See detailModel Based Test Validation and Oracles for Data Acquisition Systems
Di Nardo, Daniel UL; Alshahwan, Nadia UL; Briand, Lionel UL et al

in IEEE/ACM International Conference on Automated Software Engineering (2013, November)

Detailed reference viewed: 244 (37 UL)