-
One of the biggest challenges in code quality assurance is the amount of code that needs to be reviewed at once before the code is deployed to production. Reviewers need to check not only coding practices and formatting but also the meaning of the code and its compliance with requirements. Enterprise systems are notorious for their large codebases, challenging business logic, and advanced code constructs, which require significant resources for code review. However, enterprise systems use coding constructs that reveal aspects and constraints about the business logic, such as validation, database connection, and API. We extract these aspects and their relationships into a comprehensive metamodel. Next, we persist the metamodel into a graph database and conduct quality assurance checks via database queries. This method significantly reduces the amount of information that needs to be processed while maintaining key enterprise aspects. The method enables system administrators or project managers to discover defects and inconsistencies without reading the code.
-
It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies.
-
Program slicing is a common technique to help reconstruct the path of execution a program has taken. It is beneficial for assisting developers in debugging their programs, but its usefulness depends on the slice accuracy that can be achieved, which is limited by the sources of information used in building the slice. In this paper, we demonstrate that two sources of information, namely program logs and stack traces, previously used in isolation to build program slices, can be combined to build a program slicer capable of handling more scenarios than either method individually. We also demonstrate a sample application of our proposed slicing approach by showing how our slicer can deduce integer inputs that will recreate the detected error’s execution path.
-
Microservice architecture has become the leading design for cloud-native systems. The highly decentralized approach to software development consists of relatively independent services, which provides benefits such as faster deployment cycles, better scalability, and good separation of concerns among services. With this new architecture, one can naturally expect a broad range of advancements and simplifications over legacy systems. However, microservice system design remains challenging, as it is still difficult for engineers to understand the system module boundaries. Thus, understanding and explaining microservice systems might not be as easy as initially thought. This study aims to classify recently published approaches and techniques to analyze microservice systems. It also looks at the evolutionary perspective of such systems and their analysis. Furthermore, the identified approaches target various challenges and goals, which this study analyzed. Thus, it provides the reader with a roadmap to the discipline, tools, techniques, and open challenges for future work. It provides a guide to the choices available when analyzing cloud-native systems. The results indicate five analytical approaches commonly used in the literature, possibly in combination, towards problems classified into seven categories.
-
Constraint consistency errors in distributed systems can lead to fatal consequences when left unobserved and undetected. The primary goal of quality engineers should be to avoid system inconsistencies in general. However, it is typically a much more straightforward process in monolith-like systems with one codebase than in distributed solutions where heterogeneity occurs across modules. In this paper, we raise the research question of what the existing state of the art and research literature practice is when it comes to consistency checking in distributed systems. We conducted a systematic search for existing work and assessed the evidence to categorize the approaches and to identify the techniques used. The identified works offer interesting directions and achievements. Often the works share tool prototypes and instruments to build on when performing further research in this direction, and we share them in this paper. Finally, we discuss open challenges and gaps in this field to promote the interest of the research audience.
