Pub Date : 2024-05-27DOI: 10.1016/j.jss.2024.112111
Camila Costa Silva, Matthias Galster, Fabian Gilson
When modeling topics from chat messages of developer instant messaging communication, individual chat messages are short text documents. Our study aims at understanding how short text topic models perform with conversations from developer instant messaging. We applied four models to nine Gitter chat rooms (with sizes ranging from 100 to 160,000 messages). To assess the quality of topics and identify the best performing models, we compared topics based on four metrics for topic coherence. Furthermore, for a subset of Gitter chat rooms we used two human-based assessments: intrusion tasks with 18 experts analyzing 40 topics each, and topic naming (assigning a name to a topic that summarizes its main concept) with eight additional experts naming 60 topics each. Models performed differently in terms of coherence metrics and human assessment depending on the corpus (small, medium or large chat room). Our findings offer recommendations for the selection and use of short text topic models with developer chat messages based on characteristics of models and their performance with different sizes of corpora, and based on different strategies to assess topic quality.
{"title":"Applying short text topic models to instant messaging communication of software developers","authors":"Camila Costa Silva, Matthias Galster, Fabian Gilson","doi":"10.1016/j.jss.2024.112111","DOIUrl":"https://doi.org/10.1016/j.jss.2024.112111","url":null,"abstract":"<div><p>When modeling topics from chat messages of developer instant messaging communication, individual chat messages are short text documents. Our study aims at understanding how short text topic models perform with conversations from developer instant messaging. We applied four models to nine Gitter chat rooms (with sizes ranging from <span><math><mo>≈</mo></math></span>100 to <span><math><mo>≈</mo></math></span>160,000 messages). To assess the quality of topics and identify the best performing models, we compared topics based on four metrics for topic coherence. Furthermore, for a subset of Gitter chat rooms we used two human-based assessments: <em>intrusion tasks</em> with 18 experts analyzing 40 topics each, and <em>topic naming</em> (assigning a name to a topic that summarizes its main concept) with eight additional experts naming 60 topics each. Models performed differently in terms of coherence metrics <em>and</em> human assessment depending on the corpus (small, medium or large chat room). Our findings offer recommendations for the selection and use of short text topic models with developer chat messages based on characteristics of models and their performance with different sizes of corpora, and based on different strategies to assess topic quality.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001560/pdfft?md5=2b70d1a9e9cc0730f4d2f722aa3e48ad&pid=1-s2.0-S0164121224001560-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141298107","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Traceability links between issues and commits record valuable information about the evolutionary history of software projects. Unfortunately, these links are often missing. While deep learning stands as the current state-of-the-art (SOTA) in automated traceability links recovery (TLR), its effectiveness is faced with the practical problem of limited labeled data during training. To overcome this challenge, in this paper, we propose DSSLink, a novel method based on deep semi-supervised learning, enhancing deep-learning-based link recovery tasks. DSSLink first learns knowledge from labeled data through pre-trained model and then leverages deep semi-supervised learning to infer pseudo-labels on unlabeled data. The extended dataset of pseudo-labeled and labeled data re-trains the deep learning model in an iterative process. Our extensive evaluations are conducted on two SOTA traceability methods (T-BERT and BTLink) across four GitHub projects and 11 Apache projects. Specifically, the maximum F1-score improvements for GitHub and Apache projects reached 22.9% and 43.5%, respectively. Evaluation results show that DSSLink is effective in enhancing TLR performance and outperforms TraceFUN, a recent approach that utilizes unlabeled data for TLR. The source code of DSSLink is available at https://github.com/DSSLink.
Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.
{"title":"Deep semi-supervised learning for recovering traceability links between issues and commits","authors":"Jianfei Zhu , Guanping Xiao , Zheng Zheng , Yulei Sui","doi":"10.1016/j.jss.2024.112109","DOIUrl":"10.1016/j.jss.2024.112109","url":null,"abstract":"<div><p>Traceability links between issues and commits record valuable information about the evolutionary history of software projects. Unfortunately, these links are often missing. While deep learning stands as the current state-of-the-art (SOTA) in automated traceability links recovery (TLR), its effectiveness is faced with the practical problem of limited labeled data during training. To overcome this challenge, in this paper, we propose <span>DSSLink</span>, a novel method based on deep semi-supervised learning, enhancing deep-learning-based link recovery tasks. <span>DSSLink</span> first learns knowledge from labeled data through pre-trained model and then leverages deep semi-supervised learning to infer pseudo-labels on unlabeled data. The extended dataset of pseudo-labeled and labeled data re-trains the deep learning model in an iterative process. Our extensive evaluations are conducted on two SOTA traceability methods (T-BERT and BTLink) across four GitHub projects and 11 Apache projects. Specifically, the maximum F1-score improvements for GitHub and Apache projects reached 22.9% and 43.5%, respectively. Evaluation results show that <span>DSSLink</span> is effective in enhancing TLR performance and outperforms TraceFUN, a recent approach that utilizes unlabeled data for TLR. The source code of <span>DSSLink</span> is available at <span>https://github.com/DSSLink</span><svg><path></path></svg>.</p><p><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141137308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-24DOI: 10.1016/j.jss.2024.112113
Domenico Cotroneo, Alessio Foggia, Cristina Improta, Pietro Liguori, Roberto Natella
Evaluating the correctness of code generated by AI is a challenging open problem. In this paper, we propose a fully automated method, named ACCA, to evaluate the correctness of AI-generated code for security purposes. The method uses symbolic execution to assess whether the AI-generated code behaves as a reference implementation. We use ACCA to assess four state-of-the-art models trained to generate security-oriented assembly code and compare the results of the evaluation with different baseline solutions, including output similarity metrics, widely used in the field, and the well-known ChatGPT, the AI-powered language model developed by OpenAI.
Our experiments show that our method outperforms the baseline solutions and assesses the correctness of the AI-generated code similar to the human-based evaluation, which is considered the ground truth for the assessment in the field. Moreover, ACCA has a very strong correlation with the human evaluation (Pearson’s correlation coefficient on average). Finally, since it is a full y automated solution that does not require any human intervention, the proposed method performs the assessment of every code snippet in s on average, which is definitely lower than the average time required by human analysts to manually inspect the code, based on our experience.
{"title":"Automating the correctness assessment of AI-generated code for security contexts","authors":"Domenico Cotroneo, Alessio Foggia, Cristina Improta, Pietro Liguori, Roberto Natella","doi":"10.1016/j.jss.2024.112113","DOIUrl":"https://doi.org/10.1016/j.jss.2024.112113","url":null,"abstract":"<div><p>Evaluating the correctness of code generated by AI is a challenging open problem. In this paper, we propose a fully automated method, named <em>ACCA</em>, to evaluate the correctness of AI-generated code for security purposes. The method uses symbolic execution to assess whether the AI-generated code behaves as a reference implementation. We use <em>ACCA</em> to assess four state-of-the-art models trained to generate security-oriented assembly code and compare the results of the evaluation with different baseline solutions, including output similarity metrics, widely used in the field, and the well-known ChatGPT, the AI-powered language model developed by OpenAI.</p><p>Our experiments show that our method outperforms the baseline solutions and assesses the correctness of the AI-generated code similar to the human-based evaluation, which is considered the ground truth for the assessment in the field. Moreover, <em>ACCA</em> has a very strong correlation with the human evaluation (Pearson’s correlation coefficient <span><math><mrow><mi>r</mi><mo>=</mo><mn>0</mn><mo>.</mo><mn>84</mn></mrow></math></span> on average). Finally, since it is a full y automated solution that does not require any human intervention, the proposed method performs the assessment of every code snippet in <span><math><mrow><mo>∼</mo><mn>0</mn><mo>.</mo><mn>17</mn></mrow></math></span> s on average, which is definitely lower than the average time required by human analysts to manually inspect the code, based on our experience.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001584/pdfft?md5=c7734d2003ab22f80edc9da32fb97026&pid=1-s2.0-S0164121224001584-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141298106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-24DOI: 10.1016/j.jss.2024.112112
Daniel Feitosa, Matei-Tudor Penca, Massimiliano Berardi, Rares-Dorian Boza, Vasilios Andrikopoulos
Context:
Cloud computing’s rise as the primary platform for software development and delivery is largely driven by the potential cost savings. However, it is surprising that no empirical evidence has been collected to determine whether cost awareness permeates the development process and how it manifests in practice.
Objective:
This study aims to provide empirical evidence of cost awareness by mining open source repositories of cloud-based applications. The focus is on Infrastructure-as-Code artifacts that automate software (re)deployment on the cloud.
Methods:
A systematic examination of repositories yielded relevant hits. We then analyzed 538 relevant commits and 208 relevant issues using inductive and deductive coding and corroborated findings with discussions from Stack Overflow.
Results:
The findings indicate that developers are not only concerned with the cost of their application deployments but also take actions to reduce these costs beyond selecting cheaper cloud services. We also identify research areas for future consideration.
Conclusion:
Although we focus on a particular Infrastructure-as-Code technology (Terraform), the findings can be applicable to cloud-based application development in general. The provided empirical grounding can serve developers seeking to reduce costs through service selection, resource allocation, deployment optimization, and other techniques.
{"title":"Mining for cost awareness in the infrastructure as code artifacts of cloud-based applications: An exploratory study","authors":"Daniel Feitosa, Matei-Tudor Penca, Massimiliano Berardi, Rares-Dorian Boza, Vasilios Andrikopoulos","doi":"10.1016/j.jss.2024.112112","DOIUrl":"https://doi.org/10.1016/j.jss.2024.112112","url":null,"abstract":"<div><h3>Context:</h3><p>Cloud computing’s rise as the primary platform for software development and delivery is largely driven by the potential cost savings. However, it is surprising that no empirical evidence has been collected to determine whether cost awareness permeates the development process and how it manifests in practice.</p></div><div><h3>Objective:</h3><p>This study aims to provide empirical evidence of cost awareness by mining open source repositories of cloud-based applications. The focus is on Infrastructure-as-Code artifacts that automate software (re)deployment on the cloud.</p></div><div><h3>Methods:</h3><p>A systematic examination of <span><math><mrow><mn>152</mn><mspace></mspace><mn>735</mn></mrow></math></span> repositories yielded <span><math><mrow><mn>2</mn><mspace></mspace><mn>010</mn></mrow></math></span> relevant hits. We then analyzed 538 relevant commits and 208 relevant issues using inductive and deductive coding and corroborated findings with discussions from Stack Overflow.</p></div><div><h3>Results:</h3><p>The findings indicate that developers are not only concerned with the cost of their application deployments but also take actions to reduce these costs beyond selecting cheaper cloud services. We also identify research areas for future consideration.</p></div><div><h3>Conclusion:</h3><p>Although we focus on a particular Infrastructure-as-Code technology (Terraform), the findings can be applicable to cloud-based application development in general. The provided empirical grounding can serve developers seeking to reduce costs through service selection, resource allocation, deployment optimization, and other techniques.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001572/pdfft?md5=df76469895106882163f8c42737bb5e4&pid=1-s2.0-S0164121224001572-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141244327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-24DOI: 10.1016/j.jss.2024.112108
Hechen Wang, Peter Devine, James Tizard, Seyed Reza Shahamiri, Kelly Blincoe
User feedback on software usage is utilised by developers to improve their software. Software product forums are platforms rich in software-related user feedback, such as forum threads containing bug reports or requests for new features. However, previous studies have mainly focused on analysing user feedback from software product forums as individual sentences, which can lead to missing insights and a lack of understanding of the overall context of forum posts. To fill this gap in research, this work examines user feedback found in software product forum posts to investigate the differences between content classifications found in forum sentences and posts. We manually evaluated software product forum posts collected from two open-sourced software product forums and discovered five new types of user feedback that can only be identified when examining user feedback in the form of forum posts. Additionally, we examined the association between sentence classifications found within software product forums. Our results indicate that contextual information complimenting product improvement insights can be found in software product forums, with a confidence of 0.75 and 0.69 for the association between apparent bug and application usage sentences. This information can be used to reduce manual efforts required to chase up missing contextual information when attempting to understand or fix software issues. We also provide insights into the progression of posts in software product forums at the thread-level, and our progression flowchart can be used to summarise the sequence of events in software product forum threads. Our findings reveal the importance of looking at user feedback within software product forums in the format of forum posts to identify new insights on user feedback for software improvements.
Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.
{"title":"Conversation in forums: How software forum posts discuss potential development insights","authors":"Hechen Wang, Peter Devine, James Tizard, Seyed Reza Shahamiri, Kelly Blincoe","doi":"10.1016/j.jss.2024.112108","DOIUrl":"10.1016/j.jss.2024.112108","url":null,"abstract":"<div><p>User feedback on software usage is utilised by developers to improve their software. Software product forums are platforms rich in software-related user feedback, such as forum threads containing bug reports or requests for new features. However, previous studies have mainly focused on analysing user feedback from software product forums as individual sentences, which can lead to missing insights and a lack of understanding of the overall context of forum posts. To fill this gap in research, this work examines user feedback found in software product forum posts to investigate the differences between content classifications found in forum sentences and posts. We manually evaluated software product forum posts collected from two open-sourced software product forums and discovered five new types of user feedback that can only be identified when examining user feedback in the form of forum posts. Additionally, we examined the association between sentence classifications found within software product forums. Our results indicate that contextual information complimenting product improvement insights can be found in software product forums, with a confidence of 0.75 and 0.69 for the association between apparent bug and application usage sentences. This information can be used to reduce manual efforts required to chase up missing contextual information when attempting to understand or fix software issues. We also provide insights into the progression of posts in software product forums at the thread-level, and our progression flowchart can be used to summarise the sequence of events in software product forum threads. Our findings reveal the importance of looking at user feedback within software product forums in the format of forum posts to identify new insights on user feedback for software improvements.</p><p><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001535/pdfft?md5=0b4a756ac3f9ca9d2d70448deb6b44f2&pid=1-s2.0-S0164121224001535-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141134056","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-23DOI: 10.1016/j.jss.2024.112106
Richard May , Niklas Baron , Jacob Krüger , Thomas Leich
The COVID-19 virus has caused a global pandemic that has heavily impacted daily life. Rapid advances in testing and vaccinating led to an additional use case besides the well-known contact-tracing apps: certificate-verification systems. Verification systems are often commissioned by local authorities to enable more public life, and are often developed by smaller organizations or startups. So, the development of verification systems differs from other software projects, featuring interesting and unique properties. In this article, we present an experience report on the development of one verification system by a German startup, focusing on three properties: working in a pandemic, developing a product for handling a pandemic, and the startup context. To this end, we surveyed nine startup developers and analyzed the results with two experts from the startup. We found that the developers focused on fast delivery to cope with the time pressure of releasing the verification system, which is why some phases of typical development processes were hardly carried out. As a result, while the verification system is successful, we also identified negative effects of the properties (e.g., programming mistakes, well-being). We discuss our findings to guide researchers and practitioners in preparing for software engineering in future emergencies.
Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.
{"title":"Pandemic startup software engineering: An experience report on the development of a COVID-19 certificate verification system","authors":"Richard May , Niklas Baron , Jacob Krüger , Thomas Leich","doi":"10.1016/j.jss.2024.112106","DOIUrl":"10.1016/j.jss.2024.112106","url":null,"abstract":"<div><p>The COVID-19 virus has caused a global pandemic that has heavily impacted daily life. Rapid advances in testing and vaccinating led to an additional use case besides the well-known contact-tracing apps: certificate-verification systems. Verification systems are often commissioned by local authorities to enable more public life, and are often developed by smaller organizations or startups. So, the development of verification systems differs from other software projects, featuring interesting and unique properties. In this article, we present an experience report on the development of one verification system by a German startup, focusing on three properties: working in a pandemic, developing a product for handling a pandemic, and the startup context. To this end, we surveyed nine startup developers and analyzed the results with two experts from the startup. We found that the developers focused on fast delivery to cope with the time pressure of releasing the verification system, which is why some phases of typical development processes were hardly carried out. As a result, while the verification system is successful, we also identified negative effects of the properties (e.g., programming mistakes, well-being). We discuss our findings to guide researchers and practitioners in preparing for software engineering in future emergencies.</p><p><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001511/pdfft?md5=f96991edc7b8443c9ddcb553c4e26044&pid=1-s2.0-S0164121224001511-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141134680","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-22DOI: 10.1016/j.jss.2024.112107
Ruiyao Huang , Qingni Shen , Yuchen Wang , Yiqi Wu , Zhonghai Wu , Xiapu Luo , Anbang Ruan
Reentrancy, the most notorious vulnerability in smart contracts, has attracted extensive attention. To eliminate reentrancy before deploying contracts, there is a need to locate and repair the contracts. However, existing tools suffer from false positive localization, original semantics destruction, and high gas overhead. In this work, we propose a template-based gas-optimized reentrancy repair method with semantic maintenance. We avoid false positive locations from verifying the attack’s effectiveness, using connectivity and read–write dependencies. We design the semantic equivalence check algorithm based on the def-use chain. We optimize the lock and reordering templates for reentrancy repair and add semantic maintenance operations. We implement our tool, ReenRepair, and compare it with two state-of-the-art detection tools and two repair tools. The results show that ReenRepair yields good location precision, the highest repair rate, and the lowest gas overhead. All semantic changes caused by lock and 89.66% of semantic changes caused by reordering are successfully maintained.
{"title":"ReenRepair: Automatic and semantic equivalent repair of reentrancy in smart contracts","authors":"Ruiyao Huang , Qingni Shen , Yuchen Wang , Yiqi Wu , Zhonghai Wu , Xiapu Luo , Anbang Ruan","doi":"10.1016/j.jss.2024.112107","DOIUrl":"10.1016/j.jss.2024.112107","url":null,"abstract":"<div><p>Reentrancy, the most notorious vulnerability in smart contracts, has attracted extensive attention. To eliminate reentrancy before deploying contracts, there is a need to locate and repair the contracts. However, existing tools suffer from false positive localization, original semantics destruction, and high gas overhead. In this work, we propose a template-based gas-optimized reentrancy repair method with semantic maintenance. We avoid false positive locations from verifying the attack’s effectiveness, using connectivity and read–write dependencies. We design the semantic equivalence check algorithm based on the def-use chain. We optimize the lock and reordering templates for reentrancy repair and add semantic maintenance operations. We implement our tool, ReenRepair, and compare it with two state-of-the-art detection tools and two repair tools. The results show that ReenRepair yields good location precision, the highest repair rate, and the lowest gas overhead. All semantic changes caused by lock and 89.66% of semantic changes caused by reordering are successfully maintained.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141143359","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-22DOI: 10.1016/j.jss.2024.112110
Alexander Lercher, Johann Glock, Christian Macho, Martin Pinzger
Nowadays, many companies design and develop their software systems as a set of loosely coupled microservices that communicate via their Application Programming Interfaces (APIs). While the loose coupling improves maintainability, scalability, and fault tolerance, it poses new challenges to the API evolution process. Related works identified communication and integration as major API evolution challenges but did not provide the underlying reasons and research directions to mitigate them. In this paper, we aim to identify microservice API evolution strategies and challenges in practice and gain a broader perspective of their relationships. We conducted 17 semi-structured interviews with developers, architects, and managers in 11 companies and analyzed the interviews with open coding used in grounded theory. In total, we identified six strategies and six challenges for REpresentational State Transfer (REST) and event-driven communication via message brokers. The strategies mainly focus on API backward compatibility, versioning, and close collaboration between teams. The challenges include change impact analysis efforts, ineffective communication of changes, and consumer reliance on outdated versions, leading to API design degradation. We defined two important problems in microservice API evolution resulting from the challenges and their coping strategies: tight organizational coupling and consumer lock-in. To mitigate these two problems, we propose automating the change impact analysis and investigating effective communication of changes as open research directions.
Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.
如今,许多公司将其软件系统设计和开发为一组松散耦合的微服务,这些微服务通过应用编程接口(API)进行通信。虽然松耦合提高了可维护性、可扩展性和容错性,但也给应用程序接口的演进过程带来了新的挑战。相关工作将通信和集成确定为 API 演进的主要挑战,但没有提供缓解这些挑战的根本原因和研究方向。在本文中,我们旨在确定微服务应用程序接口演进策略和实践中的挑战,并从更广阔的视角了解它们之间的关系。我们对 11 家公司的开发人员、架构师和管理人员进行了 17 次半结构化访谈,并采用基础理论中的开放式编码对访谈进行了分析。我们总共确定了六种策略和六种通过消息代理进行REST和事件驱动通信的挑战。策略主要集中在应用程序接口的向后兼容性、版本化和团队间的密切合作。面临的挑战包括变更影响分析工作、变更沟通不力,以及消费者对过时版本的依赖,从而导致应用程序接口设计退化。我们定义了微服务应用程序接口演进中的两个重要问题,这两个问题是由上述挑战及其应对策略造成的:紧密的组织耦合和消费者锁定。为了缓解这两个问题,我们建议将变更影响分析自动化和调查变更的有效沟通作为开放研究方向。编者注:开放科学材料已通过《系统与软件期刊》开放科学委员会的验证。
{"title":"Microservice API Evolution in Practice: A Study on Strategies and Challenges","authors":"Alexander Lercher, Johann Glock, Christian Macho, Martin Pinzger","doi":"10.1016/j.jss.2024.112110","DOIUrl":"https://doi.org/10.1016/j.jss.2024.112110","url":null,"abstract":"<div><p>Nowadays, many companies design and develop their software systems as a set of loosely coupled microservices that communicate via their Application Programming Interfaces (APIs). While the loose coupling improves maintainability, scalability, and fault tolerance, it poses new challenges to the API evolution process. Related works identified communication and integration as major API evolution challenges but did not provide the underlying reasons and research directions to mitigate them. In this paper, we aim to identify microservice API evolution strategies and challenges in practice and gain a broader perspective of their relationships. We conducted 17 semi-structured interviews with developers, architects, and managers in 11 companies and analyzed the interviews with open coding used in grounded theory. In total, we identified six strategies and six challenges for REpresentational State Transfer (REST) and event-driven communication via message brokers. The strategies mainly focus on API backward compatibility, versioning, and close collaboration between teams. The challenges include change impact analysis efforts, ineffective communication of changes, and consumer reliance on outdated versions, leading to API design degradation. We defined two important problems in microservice API evolution resulting from the challenges and their coping strategies: tight organizational coupling and consumer lock-in. To mitigate these two problems, we propose automating the change impact analysis and investigating effective communication of changes as open research directions.</p><p><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.</em></p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0164121224001559/pdfft?md5=b76a85b28918733ef471585dff36a45b&pid=1-s2.0-S0164121224001559-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141244326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-22DOI: 10.1016/j.jss.2024.112105
Fabio Ferreira , Hudson Silva Borges , Marco Tulio Valente
Refactoring is a well-known technique to improve software quality. However, there are relevant domains where refactoring has not been studied in-depth before, such as JavaScript front-end frameworks. To fill this gap, we empirically study refactorings that developers perform when maintaining and evolving React-based Web applications. By manually inspecting 320 refactoring commits performed in open source projects, we catalog 69 distinct refactoring operations of which 25 are specific to React code, 17 are adaptations of traditional refactorings for the React context, 22 are traditional refactorings, and six are specific to JavaScript and CSS code. The catalog of refactorings proposed in this article might support practitioners when improving the maintainability of React applications.
Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board.
{"title":"Refactoring react-based Web apps","authors":"Fabio Ferreira , Hudson Silva Borges , Marco Tulio Valente","doi":"10.1016/j.jss.2024.112105","DOIUrl":"10.1016/j.jss.2024.112105","url":null,"abstract":"<div><p>Refactoring is a well-known technique to improve software quality. However, there are relevant domains where refactoring has not been studied in-depth before, such as JavaScript front-end frameworks. To fill this gap, we empirically study refactorings that developers perform when maintaining and evolving <span>React</span>-based Web applications. By manually inspecting 320 refactoring commits performed in open source projects, we catalog 69 distinct refactoring operations of which 25 are specific to <span>React</span> code, 17 are adaptations of traditional refactorings for the <span>React</span> context, 22 are traditional refactorings, and six are specific to JavaScript and CSS code. The catalog of refactorings proposed in this article might support practitioners when improving the maintainability of <span>React</span> applications.</p><p><em>Editor’s note: Open Science material was validated by the Journal of Systems and Software Open Science Board</em>.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141133753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-05-20DOI: 10.1016/j.jss.2024.112088
Francesco Bertolotti , Walter Cazzola , Dario Ostuni , Carlo Castoldi
In this work, we introduce Basilisk, a high-level architectural pattern designed to facilitate interoperability among various languages, platforms, and ecosystems. The pursuit of language-independent software development is highly desirable, enabling developers to utilize existing software products with most programming languages. Achieving platform independence is equally advantageous, allowing code deployment on different platforms effortlessly. While the development community has often aimed for either language or platform independence, Basilisk aims to combine both into a single product. To realize this dual objective, Basilisk employs two fundamental components. The first is a transpilation infrastructure used to render software products language-independent. The second is an abstraction layer over platforms, enabling the creation of platform-independent software products. To illustrate Basilisk’s potential, we introduce Hydra, a one-to-many, declarative transpilation infrastructure. Hydra has been utilized to develop transpilers from HydraKernel (source language) to various target languages, including D, C++, C#, Scala, Ruby, Hy, and Python. Additionally, we instantiate the abstraction layer in Wyvern, a low-level embedded domain-specific language for GPU programming, supporting any Vulkan-compatible GPU. With the Hydra transpilation infrastructure, Wyvern becomes available for D, C++, C#, Scala, Ruby, Hy, and Python. We evaluate Basilisk through the instantiation of Hydra and Wyvern, writing five algorithms from the Rodinia suite for the seven available languages, totaling 35 benchmarks. These benchmarks are executed on four different hardware platforms.
{"title":"When the dragons defeat the knight: Basilisk an architectural pattern for platform and language independent development","authors":"Francesco Bertolotti , Walter Cazzola , Dario Ostuni , Carlo Castoldi","doi":"10.1016/j.jss.2024.112088","DOIUrl":"10.1016/j.jss.2024.112088","url":null,"abstract":"<div><p>In this work, we introduce Basilisk, a high-level architectural pattern designed to facilitate interoperability among various languages, platforms, and ecosystems. The pursuit of <em>language-independent</em> software development is highly desirable, enabling developers to utilize existing software products with most programming languages. Achieving <em>platform independence</em> is equally advantageous, allowing code deployment on different platforms effortlessly. While the development community has often aimed for either language or platform independence, Basilisk aims to combine both into a single product. To realize this dual objective, Basilisk employs two fundamental components. The first is a <em>transpilation infrastructure</em> used to render software products language-independent. The second is an <em>abstraction layer</em> over platforms, enabling the creation of platform-independent software products. To illustrate Basilisk’s potential, we introduce Hydra, a one-to-many, declarative transpilation infrastructure. Hydra has been utilized to develop transpilers from HydraKernel (source language) to various target languages, including D, C++, C#, Scala, Ruby, Hy, and Python. Additionally, we instantiate the abstraction layer in Wyvern, a low-level embedded domain-specific language for GPU programming, supporting any Vulkan-compatible GPU. With the Hydra transpilation infrastructure, Wyvern becomes available for D, C++, C#, Scala, Ruby, Hy, and Python. We evaluate Basilisk through the instantiation of Hydra and Wyvern, writing five algorithms from the Rodinia suite for the seven available languages, totaling 35 benchmarks. These benchmarks are executed on four different hardware platforms.</p></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":null,"pages":null},"PeriodicalIF":3.5,"publicationDate":"2024-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S016412122400133X/pdfft?md5=3c4ee0668e1e7655f0acbd4a1aaeaa65&pid=1-s2.0-S016412122400133X-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141141292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}