Porfirio Tramontana Home Page
Short Resume
Porfirio Tramontana is born in Naples in 1976. He had a five-year degree in Computer Engineering in March 2001 and a PhD degree in November 2005 at the University of Naples Federico II with a dissertation on the Reverse Engineering of Web Applications. He is an Associate Professor since 2021 in the Computer Science scientific field.
Research Activities. His main research activities focuses on Software Engineering. The most relevant ones include Android Testing Automation, Random Testing Termination Criteria, Reverse Engineering and Quality Assessment of Spreadhseets, Reverse Engineering and Testing of Rich Internet Applications, Reverse Engineering, Testing, Quality Assessment, Documentation and Testing of Web Applications, Security Modeling and Assessment, Migration to Web Services, Semantic Interoperability.
Publications. He is author or co-author of more than 50 papers appeared in international journals or presented at international conferences.
Projects. He has participated in several projects funded by MIUR and European Commission on thematics related to the Software Engineering field.
Teaching Activities. He has taken more than 25 university courses regarding different disciplines related to the Computer Science field. In addition he has taken several courses in the context of academies, Masters and Industrial Training.
Reviewer Activities. He served as program chair, program committee member or reviewer of several conferences, workshops and journals related to its research interests. He is currently Associate Editor of IEEE Access. He is also Member of the ACM.
Thesis. He has followed more than 200 Doctoral, Laurea and Bachelor Degree in Computer Engineering, Electronic Engineering, Biomedical Engineering, Telecommunications Engineering for the University of Naples Federico II.
Testing software is very important, but not done well, resulting in problematic and erroneous software applications. The cause radicates
from a skills mismatch between what is needed in industry, the learning needs of students and the way testing is currently being taught at
HEs and VETs. The goal of this proposal is to identify and design seamless teaching materials for testing that are aligned with industry and
learning needs. To represent the entire socio-economic environment that will benefit from the results, this project consortium is composed
of 9 partners: 4 HEs, 1 VET, and 4 SME. The main activities are related to the research in cognitive models for learning testing, the
identification of industry needs of testing for the training and knowledge transfer processes, the design and development of teaching
testing capsules including the instructional materials that take into account the cognitive models of students and the industry needs, and
the validation of the teaching testing capsules developed during the project. We expect to design, develop and validate at least 10 teaching
testing capsules during the project, which can be easily integrated in the curricula of partners and industry processes. This will improve the
learning performance of students and improve their testing skills as they are increasingly important in digital job profiles across the entire
labour market. In the long run this will improve the quality of the software on which our digitalised society relies. Moreover, we advocate
that if the results of the ENACTEST project are used over the years in VETs, HEs, and SMEs continuing improving the testing education, the
number of persons benefiting from the project will be incomputable
Recent Publications and Presentations
A community detection approach based on network representation learning for repository mining,
Towards the Generation of Robust E2E Test Cases in Template-based Web Applications
Porfirio Tramontana, Anna Rita Fasolino:
Towards the Generation of Robust E2E Test Cases in Template-based Web Applications. SEAA 2022
An Approach for Model Based Testing of Augmented Reality Applications
Comparing the effectiveness of capture and replay against automatic input generation for Android graphical user interface testing, published on Software Testing, Verification and Reliability, 2020
Recent Teaching Activities
Software Testing
Corsi di Laurea Magistrale in Informatica e in Ingegneria Informatica per l’Università “Federico II”, per l’anno accademico 2020/21, 2021/22
Syllabus (english)
Theoretical elements of software testing: Definitions - Undecidable problems - Taxonomy of testing activities
Testing quality: Adequacy - Accuracy - Repeatability – Fault finding - Effectiveness - Efficiency
Test cases specification: Input - Output - Oracles - Preconditions and postconditions
JUnit: Introduction to JUnit – Implementation of Unit Tests with JUnit on Java Programs - Assumptions and Assertions - Exception Testing - Dynamic and Parametric Tests - Data Driven Testing with JUnit
Black Box Testing: Testing based on requirements and use case scenarios - Test with equivalence classes and boundary values - Tools and techniques for combinatorial generation of test cases - Testing with decision tables.
White Box Testing: Coverage metrics - Tools for the automatic measurement of code coverage.
Integration testing and isolation testing: Testing in isolation with drivers and stubs - Dependency graphs - Strategies for integration testing: top-down, bottom-up, sandwich - Testing with Mock Objects - Introduction to Dependency injection - Frameworks for creating Mock Objects
User interface testing: Character user interface (CUI) testing techniques - GUI testing - Modeling of GUIs with finite state machines. State explosion problem and equivalent state technique - GUI testing tools - Validation of inputs.
User Session Techniques: Capture & Replay techniques for generating user interface tests - Issues related to the generation of robust locators - Issues related to the replicability of captured tests - Capture & Replay tools for Web applications
Testing automation techniques: automation in the generation / execution / evaluation of the outcome of test cases - Automatic generation and evaluation of oracles - Crash testing - Smoke Testing - Regression Testing.
Random testing: Characteristics and parameters of random testing - Random testing termination problem - Reduction and prioritization of test suites.
Mutation Testing: Test case mutation - Mutation Analysis - Mutation based Testing - Mutants generation tools - Search based software testing: EvoSuite.
Experience based Testing: Exploratory Testing - Error Guessing and Checklist based Testing - Beta Testing - CrowdTesting - CrowdTesting Platforms - Software Testing Gamification - Unit Testing with Code Defenders
Continuous Integration and testing: Notes on techniques, languages and tools for build automation - Introduction to techniques and tools for managing concurrent versions - Automation of testing activities in Github with Github Actions
Static analysis of the source code: Static analysis techniques - Automatic static analysis tools: Checkstyle, PMD, Findbugs, Android Lint – Introduction to the use of SonarQube for continuous software quality monitoring
Debugging: Fault localization and correction - Techniques for debugging: brute force, backtracking, elimination of causes - Debugging tools: breakpoints, conditional breakpoints, watch, watchpoint.
Android application testing: Introduction to Android and Android App Programming - Unit Testing using JUnit and Robolectric - GUI testing using Robotium and Android Espresso - Use of Espresso Recorder for Capture & Replay of test cases - System testing: use of UIAutomator - Low-level testing tools: Monkey - Monitoring tools - Memory leaks testing - Systematic testing tools: Android Ripper - Remote resource application testing: Cloud testing with Firebase TestLab, Alpha Testing, Beta Testing.
Syllabus (italiano):
Elementi teorici del testing software: Definizioni – Problemi indecidibili – Tassonomia delle attività di testing
Qualità del testing: Adeguatezza - Precisione - Ripetibilità - Capacità di trovare i difetti - Efficacia – Efficienza
Specifica dei casi di test: Input – Output – Oracoli – Pre e post-condizioni
JUnit: Introduzione a JUnit - Implementazione di test di unità con JUnit su programmi Java – Assunzioni e asserzioni – Testing delle eccezioni – Test dinamici e parametrici – Testing Data Driven con JUnit
Testing Black Box. Testing basato sui requisiti e sugli scenari dei casi d'uso - Test con classi di equivalenza e valori limite - Strumenti e tecniche per la generazione combinatoriale dei casi di test - Testing con tabelle di decisione.
Testing White Box – Modelli e metriche di copertura - Strumenti per la misura automatica della copertura del codice.
Testing di integrazione e testing in isolamento – Tecniche di testing in isolamento con driver e stub – Grafi delle dipendenze - Strategie per il testing di integrazione: top-down, bottom-up, sandwich – Testing con Mock Objects – Cenni di dependency injection – Framework per la creazione di Mock Objects
Testing dell’interfaccia utente – Tecniche di testing delle interfacce utente a caratteri - Testing delle GUI - Modellazione delle GUI con macchine a stati finiti - Problema dell'esplosione degli stati e tecnica degli stati equivalenti – Librerie a supporto del testing di GUI - Validazione degli input.
Tecniche User Session: Tassonomia delle tecniche Capture & Replay per la generazione di test sull'interfaccia utente - Problematiche relative alla generazione di locatori robusti – Problematiche legate alla replicabilità dei test catturati – Strumenti di Capture & Replay per applicazioni Web
Tecniche di testing automation: Automazione nella generazione/esecuzione/valutazione dell'esito dei casi di test - Generazione e valutazione automatica di oracoli - Crash testing - Smoke Testing - Regression Testing.
Random testing: Caratteristiche e parametri del random testing - Problema della terminazione del random testing - Tecniche e strumenti per l’esplorazione automatica della GUI - Riduzione e prioritizzazione delle test suite.
Mutation Testing: Test case mutation – Mutation Analysis – Mutation based Testing – Strumenti per la generazione di mutant - Search based software testing: utilizzo di EvoSuite.
Experience based Testing: Exploratory Testing – Error Guessing e Checklist based Testing – Beta Testing - Crowdtesting – Piattaforme di CrowdTesting - Software Testing Gamification – Testing di unità con Code Defenders
Testing in Continuous Integration: Cenni su tecniche, linguaggi e strumenti per la build automation - Cenni su tecniche e strumenti per la gestione delle versioni concorrenti – Automazione di attività di testing in Github con Github Actions
Analisi statica del codice sorgente: Tecniche per l’analisi statica - Strumenti automatici di analisi statica: Checkstyle, PMD, Findbugs, Android Lint - Cenno all’utilizzo di SonarQube per il monitoraggio continuo della qualità del software
Debugging: Localizzazione e correzione dei difetti - Tecniche per il debugging: forza bruta - backtracking, eliminazione delle cause - Strumenti per il debugging: breakpoint, breakpoint condizionali, watch, watchpoint.
Testing delle applicazioni Android. Introduzione al sistema Android e alla programmazione di app Android - Testing di unità: utilizzo di JUnit e Robolectric - Testing della GUI: utilizzo di Robotium e Android Espresso - Utilizzo di Espresso Recorder per il Capture & Replay di casi di test - Testing di sistema: utilizzo di UIAutomator - Strumenti di testing a basso livello: Monkey - Strumenti di monitoraggio - Testing dei memory leaks - Strumenti di testing sistematico: Android Ripper - Testing di applicazioni con risorse remote: Cloud testing con Firebase TestLab, Alpha Testing, Beta Testing.
Operating Systems for Mobile, Cloud and IoT
Corsi di Laurea Magistrale in Informatica per l’Università “Federico II”, per l’anno accademico 2021/22
Syllabus (english)
Course Introduction. Recalls from the Operating Systems course. Operating system concept. Operating systems architecture. Process management. Process scheduling.
Synchronization between processes. InterProcess Communication. Memory management. File System. User Interface. System Calls. ecurity.
Mobile Operating Systems. History of Mobile Operating Systems. Notes on Symbian and iOS. Android: definition and fundamental characteristics. Historical evolution of Android. Android Architecture. Comparisons with iOS and Linux. Android SDK. Introduction to Android Studio. Android SDK. ADB and direct shell interaction. File System on Android. Bootloader. Android source code. Notes on the rebuild and modification of the Android framework. Development of Android applications: Hello, World. Programming languages: Java and Kotlin. Android Virtual Machines: Dalvik and ART. Building and running Android apps. Gradle scripts. Android Manifest. Android app programming. Static resources: layout, assets, strings and internationalization, graphics, styles and themes. Activity and Context objects. Static resources access.
Outline of graphic widgets and their use. Life cycle of activities and fragments. Intent and calls. IPC between Activity. Competition in Android. Thread and AsyncTask. Services: Foreground and Background Services, Started and Bound Services. Notification Services and Broadcast Receivers. WorkManager. Energy optimization: Doze mode and stand-by mode. Monitoring of resources and energy consumption. Memory leaks in Android. Sensors in Android. Access to sensors and best practices. Location tracking in Android. Best practices: accuracy, frequency and latency. Location permissions. Data sharing techniques between apps and components. Sharing between components of an app: File, Shared Preferences and SQLite Database. Sharing between apps: Content Provider. External sharing: access to web services and remote resources. Data sharing via Firebase. Introduction to security in Android. Security mechanisms inherited from the operating system. Sandboxes and partitions. Access to external SD memories. Permissions model in Android. Best practices related to permissions. Best practices related to Android security.
Virtualization. Hypervisors. Virtual Machines. Paravirtualization. Virtualization examples.
Cloud Computing. Cloud Service Models. AWS Infrastructure: Core AWS Services, Database Services, Developer Tools, Data Analysis and Machine Learning Tools.
Application examples. Serverless Computing: Scalability and Elasticity. On-premise approach. Infrastructure as a service. Function as a service approach. AWS Lambda. Fog and Edge Computing: practical usage scenarios. Notes on the Message Broker Kafka.
Real Time Operating Systems. Event Driven and Time Driven operating systems. Real Time Scheduling. Rate Monothonic Scheduler. EDF Scheduler. Hard Real Time and Soft Real Time tasks. Causes of unpredictability of process execution times. Implementation of real time scheduling policies in Linux systems. Real time programming languages. Real time Linux distributions.
Internet of Thngs. Introduction to the Internet of Things. Application areas: Smart Agriculture, Smart Cars, Smart Cities, Smart Home, Smart Metering. Industry 4.0 and Digital Twins. Sensors. Research fields: Signal processing, biometrics. Agents. Rational and irrational agents. Biometrics: definition and taxonomies. Architecture of a biometric system. Fingerprint. Face recognition. Retina recognition. Iris recognition. Behavioral identity and gaze. Holographic signature recognition. Advantages, disadvantages and comparisons between different techniques. Application to IoT. Problems of communication between IoT devices. Shared buses, Publish / Subscribe pattern. IoT in the automotive. IoT in the avionics sector: the case of the Airbus. Industrial Internet of Things. Problems relating to the choice of database and infrastructure depending on the frequency of data generation. Temporal databases: InfluxDb.
Green IT. Problems and perspectives of the energy sustainability of IT activities. Discussion on the energy consumption of some IT activities. Optimization of software energy consumption. Green requirements. Influence of design choices. Programming techniques with energy optimization.
Syllabus (italiano):
Introduzione al corso. Richiami dal corso di Sistemi Operativi. Concetto di sistema operativo. Architettura dei sistemi operativi. Gestione dei processi. Scheduling dei processi.
Sincronizzazione tra i processi. InterProcess Communication. Gestione della memoria. File System. User Interface. System Calls. Sicurezza e protezione.
Mobile Operating Systems. Caratteristiche e peculiarità. Storia dei Mobile Operating Systems. Cenni a Symbian e iOS. Android: definizione e caratteristiche fondamentali. Evoluzione storica di Android. Android Architecture. Confronti con iOS e Linux. Android SDK. Introduzione ad Android Studio. Android SDK. ADB e interazione diretta via shell. File System su Android. Bootloader. Android source code. Cenni alla ricostruzione e modifica del framework Android. Cenni allo sviluppo di applicazioni Android: Hello, World. Linguaggi di programmazione: Java e Kotlin. Android Virtual Machines: Dalvik e ART. Processo di building ed esecuzione di una app Android. Gradle scripts. Android Manifests. Programmazione di app Android. Risorse statiche: layout, assets, stringhe e internazionalizzazione, grafica, stili e temi. Activity e oggetto Context. Accesso a risorse statiche.
Cenni ai widget grafici e al loro utilizzo. Ciclo di vita delle Acivity e dei Fragment. Intent e chiamate. IPC tra Activity. Concorrenza in Android. Thread e AsyncTask. Services: Foreground and Background Services, Started and Bound Services. Notification Services e Broadcast Receivers. WorkManager. Ottimizzazione energetica: Doze mode e stand-by mode. Monitoraggio delle risorse e del consumo energetico. Memory leaks in Android. Sensori in Android. Metodi di accesso ai sensori e best practices. Rilevamento della posizione in Android. Best practices: accuracy, frequency and latency. Permessi di accesso alla posizione. Tecniche di condivisione dei dati tra app e componenti. Condivisione tra componenti di un app: File, Shared Preferences e Database SQLite. Condivisione tra app: Content Provider. Condivisione esterna: accesso a servizi Web, risorse remote. Condivisione dei dati via Firebase. Introduzione alla sicurezza in Android. Meccanismi di sicurezza ereditati dal sistema operativo. Sandbox e partizioni dei file system. Accesso a memorie SD esterne. Modello dei permessi in Android. Best practices relative ai permessi. Best practices relative alla sicurezza in Android.
Virtualizzazione. Hypervisors. Virtual Machines. Paravirtualization. Esempi di virtualizzazione.
Cloud Computing. Cloud Service Models. AWS Infrastructure: Core AWS Services, Database Services, Developer Tools, Data Analysis and Machine Learning Tools.
Esempi di applicazione. Serverless Computing: Scalabilità ed Elasticità. Approccio on-premise. Infrastructure as a service. Approccio Function as a service. AWS Lambda. Fog ed Edge Computing: scenari pratici di utilizzo. Cenni al Message Broker Kafka.
Sistemi Operativi Real Time. Sistemi operativi Event Driven e Time Driven. Scheduling Real Time. Rate Monothonic Scheduler. EDF Scheduler. Task Hard Real Time e Soft Real Time. Cause di imprevedibilità dei tempi di esecuzione dei processi. Implementazione di politiche di scheduling real time in sistemi Linux. Linguaggi di programmazione per il real time. Distribuzioni di Linux real time.
Internet of Thngs. Introduzione all'Internet of Things. Ambiti applicativi: Smart Agriculture, Smart Cars, Smart Cities, Smart Home, Smart Metering. Industria 4.0 e Digital Twins.
Sensori. Ambiti di ricerca: Elaborazione di segnali, biometria. Agenti. Agenti razionali e irrazionali. Biometria: definizione e tassonomie. Archiettura di un sistema biometrico. Impronta digitale. Riconoscimento del volto. Riconoscimento della retina. Riconoscimento dell'iride. Identità comportamentale e gaze. Riconoscimento della firma olografa. Vantaggi, svantaggi e confronti tra le varie tecniche. Problematiche applicate dell'IoT. Problematiche della comunicazione tra i dispositivi IoT. Bus condivisi, pattern Publish/Subscribe.
IoT nell'automotive. IoT nel settore avionico: il caso dell'Airbus. Industrial Internet of Things. Problematiche relative alla scelta del database e dell'infrastruttura in dipendenza della frequenza di generazione dei dati. Cenni a database temporali: InfluxDb.
Green IT. Problemi e prospettive della sostenibilità energetica delle attività IT. Discussione sul consumo energetico di alcune attività IT. Ottimizzo del consumo energetico del software. Requisiti green. Influenza delle scelte di progettazione. Tecniche di programmazione con ottimizzazione energetica.
Object Orientation
Corsi di Laurea in Informatica per l’Università “Federico II”, per l’anno accademico 2021/22
Course Program (italiano):
La programmazione orientata agli oggetti. Paradigmi di programmazione. Paradigma object oriented. Concetti di astrazione dei dati, di definizione di tipi personalizzati, e di incapsulamento.
Il Linguaggio Java. Introduzione e storia di Java. La JVM. Il JDK. Ambienti di sviluppo (IDE): Eclipse. Compilazione ed esecuzione. Il bytecode. Tipi Primitivi e Riferimenti. Classi e oggetti. Creazione e distruzione di oggetti. Garbage Collector. Attributi e metodi. Visibilità. Costruttore. Operatori aritmetici e logici. Costanti. Cicli. Passaggio dei parametri. Array e Matrici. Ciclo for potenziato. Stringhe. Ereditarietà e polimorfismo. Overloading e overriding. This e super. Classe Object. Classi Contenitore. ArrayList. Generics e Template. Classi Wrapper. Autoboxing e Unboxing. Eccezioni. Costrutto Try-Catch. Gestione delle eccezioni. Throw e Throws. Package e importazione. I/O in Java. Classe scanner. Classe InputStream. Cenni a lettura e scrittura su file. Classi astratte. Interface e implementation. Interfaccia grafica (GUI) in Java con AWT e Swing. Window Builder. Contenitori grafici. Layout. Widget. Eventi e ascoltatori. Comunicazione tra le finestre. Principi di progettazione delle GUI. Jar e Runnable Jar. Documentazione interna del codice con Javadoc. Integrazione con il database.
Debugging. Ricerca e localizzazione dei difetti. Asserzioni e sonde. Esecuzione step by step. Breakpoint e breakpoint condizionali.
Modellazione con UML. Introduzione a UML. Class diagram. Processo di astrazione in UML. CRC cards. Modello di dominio del problema. Corrispondenza tra class diagram e codice sorgente Java. Modello di dominio della soluzione. Sequence diagram. Package diagram.
Concurrent Versioning Systems. Gestione delle versioni del software. Modello lock-modify-unlock. Modello copy-modify-merge. Gestione dei conflitti tra versioni. Cenni a Git. Funzionalità di base di Github.
Sistemi informativi in Java. Pattern architetturale Boundary, Control, Entity (BCE). Pattern Data Access Object (DAO).
Recent Thesis