159 papers
This paper proposes a goal-centric framework for assessing Requirements Engineering methods for Privacy by Design, arguing that practitioners should evaluate these methods based on organizational goals rather than solely on process characteristics to better support their selection and tailoring.
This paper introduces Preguss, a modular framework that combines static analysis with LLM-aided synthesis to automatically generate and refine interprocedural specifications, enabling highly automated verification of large-scale programs (over 1,000 lines of code) while significantly reducing human effort.
This paper presents the first large-scale empirical study of floating-point arithmetic usage in statically typed languages across millions of GitHub repositories, revealing that while existing benchmarks are partially representative, they do not fully capture real-world code patterns, and releasing a dataset of 10 million extracted functions to guide future reasoning techniques.
This paper presents a comprehensive empirical study evaluating state-of-the-art pre-trained and large language models for multilingual vulnerability detection across seven programming languages at both function and line levels, revealing that instruction-tuned GPT-4o significantly outperforms other models, particularly in identifying high-severity and unique multilingual vulnerabilities.
This paper presents a taxonomy of nine log smells derived from a survey of 51 studies to help developers write better logging code, while also mapping these issues to existing repair tools and highlighting critical gaps in current research and tooling.
This study investigates the pitfalls of integrating large language models into software engineering workflows, revealing that persistent inaccuracies and cognitive overload often lead developers to abandon AI tools, though strategic prompt refinement can significantly mitigate the risk of such abandonment.
This paper introduces the concept of "Interaction Smells" in multi-turn human-LLM code generation, establishes a taxonomy based on real-world data, analyzes their distribution across leading models, and proposes the Invariant-aware Constraint Evolution (InCE) framework to effectively mitigate these issues and improve task success rates.
This paper presents a project-based AI engineering curriculum that integrates agile practices with generative AI tools to prepare students for modern software development, demonstrating through a seven-sprint case study that embedding AI across the engineering lifecycle fosters hands-on competence while necessitating adaptations for tool evolution and foundational learning verification.
This paper introduces EmbC-Test, a Retrieval-Augmented Generation (RAG) pipeline that leverages project-specific artifacts to ground large language models, enabling the automated generation of syntactically correct and runtime-valid embedded C tests that reduce testing time by up to 66% while producing 270 tests per hour.
This paper reports on the synthesis and seeks feedback for the future evaluation of an Artefact Model for Regulatory Requirements Engineering (AM4RRE), aiming to bridge the gap between organizational regulatory processes and ad-hoc software development practices to achieve systematic, integrated compliance by design.
This paper reports on the authors' experience developing three professional software engineering curricula and proposes a systematic, content-mapping-based approach with guiding principles for effectively integrating Requirements Engineering courses into these dynamic and modular programs.
This case study demonstrates that while ChatGPT can generate realistic synthetic system requirement specifications across multiple industries using iterative prompt engineering, the resulting artifacts still contain significant flaws that necessitate thorough expert evaluation rather than relying solely on LLM-based quality assessments.
ToolRosetta is a unified framework that automatically transforms heterogeneous open-source code repositories into standardized, secure, and executable Model Context Protocol (MCP) tools, enabling LLM agents to autonomously plan and invoke specialized software for complex tasks with minimal human intervention.
This paper introduces AgenticCyOps, a security framework for enterprise multi-agent AI systems that mitigates emerging attack surfaces by formalizing tool orchestration and memory management as primary trust boundaries and applying five defensive principles aligned with global compliance standards to significantly reduce exploitable vulnerabilities in SOC workflows.
This paper evaluates the capability of state-of-the-art Large Language Models to automatically generate UML class diagrams from natural language requirements, demonstrating their effectiveness and reliability through a comprehensive dual-validation framework that combines LLM-as-a-Judge assessments with human expert evaluations.
This paper presents a novel hybrid framework that synergistically combines concolic execution, LLM-guided path prioritization, and deep learning to achieve provably sound and highly accurate detection of zero-day AI-generated malware, significantly outperforming conventional baselines on both standard and synthesized threat benchmarks.
This paper examines the barriers faced by New Zealand researchers in attending software engineering conferences, such as high travel costs and scheduling misalignments, and proposes strategies like hybrid participation and governance reforms to foster more equitable global engagement.
This paper presents Lockbox, a Zero Trust architecture that ensures the secure processing of sensitive cloud workloads by enforcing strict isolation, least-privilege access, and end-to-end encryption, thereby enabling enterprises to safely leverage advanced capabilities like AI without compromising their security posture.
This paper evaluates the capability of AI agents to generate functional microservices, finding that while they can produce maintainable code with high API contract adherence—particularly in clean-state scenarios—current limitations in consistency and the need for human oversight prevent fully autonomous generation.
This paper argues that while Generative AI offers potential assistance for qualitative research in software engineering, it is not a universal solution and requires careful, strategy-specific adaptation to avoid overgeneralization, ultimately outlining its promises, pitfalls, and implications for research quality.