Mehdi Mirakhorli

On-demand feature recommendations derived from mining public product descriptions

We present a recommender system that models and recommends product features for a given domain. Our approach mines product descriptions from publicly available online specifications, utilizes text mining and a novel incremental diffusive clustering algorithm to discover domain-specific features, generates a probabilistic feature model that represents commonalities, variants, and cross-category features, and then uses association rule mining and the k-Nearest-Neighbor machine learning strategy to generate product specific feature recommendations. Our recommender system supports the relatively labor-intensive task of domain analysis, potentially increasing opportunities for re-use, reducing time-to-market, and delivering more competitive software products. The approach is empirically validated against 20 different product categories using thousands of product descriptions mined from a repository of free software applications.

A tactic-centric approach for automating traceability of quality concerns

The software architectures of business, mission, or safety critical systems must be carefully designed to balance an exacting set of quality concerns describing characteristics such as security, reliability, and performance. Unfortunately, software architectures tend to degrade over time as maintainers modify the system without understanding the underlying architectural decisions. Although this problem can be mitigated by manually tracing architectural decisions into the code, the cost and effort required to do this can be prohibitively expensive. In this paper we therefore present a novel approach for automating the construction of traceability links for architectural tactics. Our approach utilizes machine learning methods and lightweight structural analysis to detect tactic-related classes. The detected tactic-related classes are then mapped to a Tactic Traceability Information Model. We train our trace algorithm using code extracted from fifteen performance-centric and safety-critical open source software systems and then evaluate it against the Apache Hadoop framework. Our results show that automatically generated traceability links can support software maintenance activities while helping to preserve architectural qualities.

Supporting Domain Analysis through Mining and Recommending Features from Online Product Listings

Domain analysis is a labor-intensive task in which related software systems are analyzed to discover their common and variable parts. Many software projects include extensive domain analysis activities, intended to jumpstart the requirements process through identifying potential features. In this paper, we present a recommender system that is designed to reduce the human effort of performing domain analysis. Our approach relies on data mining techniques to discover common features across products as well as relationships among those features. We use a novel incremental diffusive algorithm to extract features from online product descriptions, and then employ association rule mining and the (k)-nearest neighbor machine learning method to make feature recommendations during the domain analysis process. Our feature mining and feature recommendation algorithms are quantitatively evaluated and the results are presented. Also, the performance of the recommender system is illustrated and evaluated within the context of a case study for an enterprise-level collaborative software suite. The results clearly highlight the benefits and limitations of our approach, as well as the necessary preconditions for its success.

The Twin Peaks of Requirements and Architecture

Quality concerns, often referred to as nonfunctional requirements, service-level agreements, quality attributes, performance constraints, or architecturally significant requirements, describe system-level attributes such as security, performance, reliability, and maintainability. In conjunction with functional requirements, these quality concerns drive and constrain a systems architectural design and often introduce significant trade-offs that must be carefully considered and balanced. The dependencies that exist between requirements and architecture have been referred to as the twin peaks of requirements and architecture. The guest editors of this special issue describe this unique situation.

Using tactic traceability information models to reduce the risk of architectural degradation during system maintenance

The software architectures of safety and mission-critical systems are designed to satisfy and balance an exacting set of quality concerns describing characteristics such as performance, reliability, and safety. Unfortunately, practice has shown that long-term maintenance activities can erode these architectural qualities. In this paper we present a novel solution for preserving architectural qualities through the use of Tactic Traceability Information Models (tTIMs). A tTIM provides a reusable infrastructure of traceability links focused around a commonly implemented architectural tactic, as well as a set of mapping points for tracing the tactic into the architectural design and the implemented code. The use of tTIMs significantly reduces the effort needed to create and maintain traceability links, provides support for visualizing the rationale behind various architectural components, and delivers timely information to maintainers so that they can preserve critical architectural qualities while implementing modifications. Our approach is described and evaluated within the context of a mission-critical software-intensive system.

Tracing architectural concerns in high assurance systems (NIER track)

Software architecture is shaped by a diverse set of interacting and competing quality concerns, each of which may have broad-reaching impacts across multiple architectural views. Without traceability support, it is easy for developers to inadvertently change critical architectural elements during ongoing system maintenance and evolution, leading to architectural erosion. Unfortunately, existing traceability practices, tend to result in the proliferation of traceability links, which can be difficult to create, maintain, and understand. We therefore present a decision-centric approach that focuses traceability links around the architectural decisions that have shaped the delivered system. Our approach, which is informed through an extensive investigation of architectural decisions made in real-world safety-critical and performance-critical applications, provides enhanced support for advanced software engineering tasks.

Detecting, Tracing, and Monitoring Architectural Tactics in Code

Software architectures are often constructed through a series of design decisions. In particular, architectural tactics are selected to satisfy specific quality concerns such as reliability, performance, and security. However, the knowledge of these tactical decisions is often lost, resulting in a gradual degradation of architectural quality as developers modify the code without fully understanding the underlying architectural decisions. In this paper we present a machine learning approach for discovering and visualizing architectural tactics in code, mapping these code segments to tactic traceability patterns, and monitoring sensitive areas of the code for modification events in order to provide users with up-to-date information about underlying architectural concerns. Our approach utilizes a customized classifier which is trained using code extracted from fifty performance-centric and safety-critical open source software systems. Its performance is compared against seven off-the-shelf classifiers. In a controlled experiment all classifiers performed well; however our tactic detector outperformed the other classifiers when used within the larger context of the Hadoop Distributed File System. We further demonstrate the viability of our approach for using the automatically detected tactics to generate viable and informative messages in a simulation of maintenance events mined from Hadoops change management system.

A dataset of open-source Android applications

Android has grown to be the worlds most popular mobile platform with apps that are capable of doing everything from checking sports scores to purchasing stocks. In order to assist researchers and developers in better understanding the development process as well as the current state of the apps themselves, we present a large dataset of analyzed open-source Android applications and provide a brief analysis of the data, demonstrating potential usefulness. This dataset contains 1,179 applications, including 4,416 different versions of these apps and 435,680 total commits. Furthermore, for each app we include the analytical results obtained from several static analysis tools including Androguard, Sonar, and Stowaway. In order to better support the community in conducting research on the security characteristics of the apps, our large analytical dataset comes with the detailed information including various versions of AndroidManifest.xml files and synthesized information such as permissions, intents, and minimum SDK. We collected 13,036 commits of the manifest files and recorded over 69,707 total permissions used. The results and a brief set of analytics are presented on our website: http://androsec.rit.edu.

Variability points and design pattern usage in architectural tactics

Architectural tactics are important building blocks of software architecture. Tactics come in many shapes and sizes, describe solutions for addressing specific quality concerns, and are prevalent across high-performance fault-tolerant systems. Once a decision is made to utilize a tactic, the developer must generate a concrete plan for realizing the tactic in the design and code. Unfortunately, the variability points found in individual tactics can make this a challenging task. To address this knowledge gap, we conducted a study to investigate how design patterns were used to implement various tactics. Data mining techniques were used to identify potential pattern instances within tactic implementations. Our manual analysis of the retrieved data identified a distinct set of variability points for each tactic, as well as corresponding design patterns used to address them. From these observations we construct tactic-level decision trees depicting variability points of a tactic and generate a reference model which provides implementation guidance.

Automated extraction and visualization of quality concerns from requirements specifications

Software requirements specifications often focus on functionality and fail to adequately capture quality concerns such as security, performance, and usability. In many projects, quality-related requirements are either entirely lacking from the specification or intermingled with functional concerns. This makes it difficult for stakeholders to fully understand the quality concerns of the system and to evaluate their scope of impact. In this paper we present a data mining approach for automating the extraction and subsequent modeling of quality concerns from requirements, feature requests, and online forums. We extend our prior work in mining quality concerns from textual documents and apply a sequence of machine learning steps to detect quality-related requirements, generate goal graphs contextualized by project-level information, and ultimately to visualize the results. We illustrate and evaluate our approach against two industrial health-care related systems.