Search for: All records

One of the biggest challenges in code quality assurance is the amount of code that needs to be reviewed at an instance before the code is deployed on production. Reviewers need to check not only coding practices and formatting but also the meaning of the code and its compliance with requirements. Enterprise systems are notoriously known for the large codebase, challenging business logic, and advanced code constructs, which require significant resources for code review. However, enterprise systems use coding constructs that reveal aspects and constraints about the business logic, such as validation, database connection, and API. We extract these aspects and their relationships into a comprehensive metamodel. Next, we persist the metamodel into a graph database and conduct quality assurance checks via database queries. This method significantly reduces the amount of information that needs to be processed while maintaining key enterprise aspects. The method enables system administrators or project managers to discover defects and inconsistencies without reading the code. 

Microservice Architecture (MSA) is becoming the predominant direction of new cloud-based applications. There are many advantages to using microservices, but also downsides to using a more complex architecture than a typical monolithic enterprise application. Beyond the normal poor coding practices and code smells of a typical application, microservice-specific code smells are difficult to discover within a distributed application setup. There are many static code analysis tools for monolithic applications, but tools to offer code-smell detection for microservice-based applications are lacking. This paper proposes a new approach to detect code smells in distributed applications based on microservices. We develop an MSANose tool to detect up to eleven different microservice specific code smells and share it as open-source. We demonstrate our tool through a case study on two robust benchmark microservice applications and verify its accuracy. Our results show that it is possible to detect code smells within microservice applications using bytecode and/or source code analysis throughout the development process or even before its deployment to production. 

Poor design choices, bad coding practices, or the need to produce software quickly can stand behind technical debt. Unfortunately, manually identifying and managing technical debt gets more difficult as the software matures. Recent research offers various techniques to automate the process of detecting and managing technical debt to address these challenges. This manuscript presents a mapping study of the many aspects of technical debt that have been discovered in this field of study. This includes looking at the various forms of technical debt, as well as detection methods, the financial implications, and mitigation strategies. The findings and outcomes of this study are applicable to a wide range of software development life-cycle decisions. 

Debugging and error resolution has become increasingly time-consuming and difficult for all domains of software development. Error logs have become very important when it comes to debugging and error resolution. To remedy the problems presented in the logs, typically, a search on online forums would shed light on the solution. We present a novel approach to utilizing these logs in conjunction with external Question and Answer forums to compute and expedite resolution by suggesting a solution to runtime errors. Since log format is non-standard and use cases can vary widely, our architecture allows for extreme customization for the intended ecosystem as well as a great degree of fine-tuning. We evaluated our solution in a case study and made our implementation open-source for the community. 

It is important in software development to enforce proper restrictions on protected services and resources. Typically software services can be accessed through REST API endpoints where restrictions can be applied using the Role-Based Access Control (RBAC) model. However, RBAC policies can be inconsistent across services, and they require proper assessment. Currently, developers use penetration testing, which is a costly and cumbersome process for a large number of APIs. In addition, modern applications are split into individual microservices and lack a unified view in order to carry out automated RBAC assessment. Often, the process of constructing a centralized perspective of an application is done using Systematic Architecture Reconstruction (SAR). This article presents a novel approach to automated SAR to construct a centralized perspective for a microservice mesh based on their REST communication pattern. We utilize the generated views from SAR to propose an automated way to find RBAC inconsistencies. 

Microservice architecture has become the leading design for cloud-native systems. The highly decentralized approach to software development consists of relatively independent services, which provides benefits such as faster deployment cycles, better scalability, and good separation of concerns among services. With this new architecture, one can naturally expect a broad range of advancements and simplifications over legacy systems. However, microservice system design remains challenging, as it is still difficult for engineers to understand the system module boundaries. Thus, understanding and explaining the microservice systems might not be as easy as initially thought. This study aims to classify recently published approaches and techniques to analyze microservice systems. It also looks at the evolutionary perspective of such systems and their analysis. Furthermore, the identified approaches target various challenges and goals, which this study analyzed. Thus, it provides the reader with a roadmap to the discipline, tools, techniques, and open challenges for future work. It provides a guide towards choices when aiming for analyzing cloud-native systems. The results indicate five analytical approaches commonly used in the literature, possibly in combination, towards problems classified into seven categories. 

Constraint consistency errors in distributed systems can lead to fatal consequences when left unobserved and undetected. The primary goal of quality engineers should be to avoid system inconsistencies in general. However, it is typically a much more straight forward process in monolith-like systems with one codebase than in distributed solutions where heterogeneity occurs across modules. In this paper, we raise the research question of what is the existing state-of-the-art and research literature practice when it comes to consistency checking in distributed systems. We conducted a systematic search for existing work and assess the evidence to categorize the approaches and to identify used techniques. Identified works offer interesting directions and achievements. Often the works share tool prototypes and instruments to build on the top of when performing further research in this direction and we share them in this paper. Finally, we discuss open challenges and gaps in this field to promote the interest of the research audience.