Mario Bernhart

Dimensions of software engineering course design

A vast variety of topics relate to the field of Software Engineering. Some universities implement curricula covering all aspects of Software Engineering. A number of other courses cover detailed aspects, e.g. programming, usability and security issues, analysis, architecture, design, and quality. Other universities offer general curricula considering Software Engineering in few or single course only. In each case, a course set has to be defined which directly relates to a specific student outcome. This work provides a method for categorizing and analyzing a course set within abstract dimensions for course design. We subsequently show the results of applying the dimensions to the course degree scheme in use. The course design dimensions can also be related to the student outcomes defined in SE2004 CC Section 3.2 [10].

Adopting Code Reviews for Agile Software Development

Code reviews have many benefits, most importantly to find bugs early in the development phase and to enforce coding standards. Still, it is widely accepted that formal code reviews are time-consuming and the practical applicability in agile development is controversial. This work presents a continuous differential-based method and tool for code reviews. By using a continuous approach to code reviews, the review overhead can be reduced and the effectiveness and applicability in agile environments shall be improved.

On the understanding of programs with continuous code reviews

Code reviews are a very effective, but effortful quality assurance technique. A major problem is to read and understand source-code that was produced by someone else. With different programming styles and complex interactions, understanding the code under review is the most expensive sub-task of a code review. As with many other modern software engineering practices, code reviews may be applied as a continuous process to reduce the effort and support the concept of collective ownership. This study evaluates the effect of a continuous code review process on the understandability and collective ownership of the code base. A group of 8 subjects performed a total of 114 code reviews within 18 months in an industrial context and conducted an expert evaluation according to this research question. This study concludes that there is a clear positive effect on the understandability and collective ownership of the code base with continuous code reviews, but also limiting factors and drawbacks for complex review tasks.

Predicting Code Change by Using Static Metrics

Maintenance of software is risky, potentially expensive – and inevitable. The main objective of this study is to examine the relationship of code change, referred to as maintenance effort, with source-level software metrics. This approach varies from the typical approach of evaluating software metrics against failure data and provides a different angle on the validation of software metrics. The goal of this study is to show through exhaustive data mining that a relation between software metrics and code change exists. Once this connection is established, a set of software metrics is identified, which will be used in further studies to predict code change in problematic modules identified by the software metrics at an early development stage.

Applying Continuous Code Reviews in Airport Operations Software

Code reviews are an integral part of the development of a dependable system such as for airport operations. It is commonly accepted that code reviews are an effective quality assurance technique even if a rigorous application is also a high cost factor. For large software systems a formal method may be inapplicable throughout the whole code base. In this study an airport operational database (AODB) is developed with the application of a more lightweight approach to code reviews. A continuous, distributed and change-based process is applied by the development team and evaluated in comparison to team walkthroughs (IEEE-1028) as a baseline method. The application showed to be highly useful, equally effective as the baseline, but more efficient especially for the preparation, execution and rework effort. The results show that continuous code reviews also support the understanding of the code base and the concept of collective ownership. Such processes may not completely substitute a more formal and effortful technique. Especially for reviewing critical design aspects or complex items a traditional approach is still more appropriate. The main outcome is that such lightweight code reviews may be used together with more formal approaches to ensure a high coverage and that the degree of formalism should be adopted to the criticality of the item under review.

Mining security changes in FreeBSD

Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method of software repository analysis. We use the gathered security changes to find out more about the nature of security in the FreeBSD project and we try to establish a link between the identified security changes and a tracker for security issues (security advisories). We give insights how security is presented in the FreeBSD project and show how the mined data and known security problems are connected.

Incremental reengineering and migration of a 40 year old airport operations system

This report describes the challenges and experiences with the incremental re-engineering and migration of a 40 year old airport operations system. The undocumented COBOL legacy system has to be replaced within given constraints such as limited downtime. A 3-step technical strategy is derived and successfully applied to the re-engineering task in this project. The incremental approach and resulting parallel operations of both systems are the most significant technical drivers for complexity in this environment. Furthermore, this report describes the process for planning, analyzing and designing a replacement system that is backed by strong user acceptance. The user interface design task of taking the system from VT100 to a web interface was a critical success factor, as well as live testing with actual production data and actual user interactions. Other aspects such as training and end user documentation are discussed.

Digging deep: Software reengineering supported by database reverse engineering of a system with 30+ years of legacy

This paper describes the industrial experience in performing database reverse engineering on a large scale software reengineering project. The project in question deals with a highly heterogeneous in-house information system (IS) that has grown and evolved in numerous steps over the past three decades. This IS consists of a large number of loosely coupled single purpose systems with a database driven COBOL application at the centre, which has been adopted and enhanced to expose some functionality over the web. The software reengineering effort that provides the context for this paper deals with unifying these components and completely migrating the IS to an up-to-date and homogeneous platform. A database reverse engineering (DRE) process was tailored to suit the project environment consisting of almost 350 tables and 5600 columns. It aims at providing the developers of the software reengineering project with the necessary information about the more than thirty year old legacy databases to successfully perform the data migration. The application of the DRE process resulted in the development of a high-level categorization of the data model, a wiki based redocumentation structure and the essential data-access statistics.

A Task-Based Code Review Process and Tool to Comply with the DO-278/ED-109 Standard for Air Traffic Managment Software Development: An Industrial Case Study

Software reviews are one of the most efficient quality assurance techniques in software engineering. They are required for the enhancement of the software quality in early phases of the development process and often used in development of safety critical systems. In the field of software engineering for Air Traffic Management (ATM) the standard DO-278/ED-109 requires the rigorous application of code reviews and fully traceable reporting of the results. This case study presents a process and an IDE-integrated tool that complies with the requirements of the standard.

An experience report on the incremental adoption and evolution of an SPL in eHealth

This work presents an experience report on the evolutionary development of a software product line (SPL) in the eHealth domain. The effort was triggered by the concurrent development of two similar products and the ambition to reduce redundant development and quality assurance. The result is a scalable base for a complex, highly adaptable information system. This system is required to be applicable in multiple business domains and diverging environments ranging from large scale hospitals to single practitioner clinics. During this effort we were able to extract the common denominator in the form of core assets from existing applications specific to a medical field. For customisations well defined variation points were developed. Our solution allows for easy implementation of medical documentation requirements compared to tedious development of new applications from scratch. It significantly reduced the necessary development effort and time to market. The resulting core documentation platform can be used for an arbitrary medical field completely eliminating the dependence on the specific customer domain.