Information and Software Technology最新文献

For many years, Guenther Ruhe was a fellow of the International Software Product Management Association, playing an important role in shaping the academic and practical landscapes of Software Product Management (SPM). This editorial note honors Ruhe's enduring impact on the SPM Body of Knowledge, evaluating his extensive contributions to SPM research and practice, and recognizing his legacy in shaping the future trajectory of the field. By examining Ruhe's academic publications and his role in developing the SPM Body of Knowledge, we highlight key areas of his influence, particularly in release planning and requirements engineering. His integration of empirical research into SPM has notably enhanced the discipline's rigor and relevance. Ruhe's contributions to the SPM Body of Knowledge are profound and far-reaching, establishing his work as a cornerstone for ongoing research and practice in SPM.

Logs record rich information that can help operators diagnose system failure [1]. Analyzing logs in log streams can expedite the diagnostic process and effectively mitigate the impact of failures. Log parsing is a prerequisite for automated log analysis, which transforms semi-structured logs into structured logs. However, the effectiveness of existing parsers has only been evaluated on a limited set of logs, which lack sufficient log types. After conducting a more comprehensive evaluation of the existing log parser, we identified the following deficiencies: (1) Variable-starting logs can make some log parsers error-prone. (2) The order of logs in a log stream can have a great impact on the effectiveness. We proposes XDrain to satisfy these challenges by using fixed-depth forest. XDrain first shuffles the order of logs and the order of words within each log a few times. Secondly, XDrain will generate parsing forest for all the logs generated after the shuffling. Finally, the final log template is generated by voting. Evaluation results show that XDrain outperforms existing log parsers on two widely-used accuracy metrics and is immune to inappropriate log order. XDrain only takes about 97.89 s to parse one million logs on average.

Context:

Code review is effective and widely used, yet still time-consuming. Especially, in large-scale software systems, developers may forget to change other related functions that must be changed together (aka. co-changes). This may increase the number of review iterations and reviewing time, thus delaying the code review process. Based on our analysis of 66 projects from five open-source systems, we find that there are 16%–33% of code reviews where at least one function must be co-changed, but was not initially changed.

Objectives:

This study aims to propose an approach to recommend co-changed functions in the context of modern code review, which could reduce reviewing time and iterations and help developers identify functions that need to be changed together.

Methods:

We propose CoChangeFinder, a novel method that employs a Graph Neural Network (GNN) to recommend co-changed functions for newly submitted code changes. Then, we conduct a quantitative and qualitative evaluation of CoChangeFinder with 66 studied large-scale open-source software projects.

Results:

Our evaluation results show that our CoChangeFinder outperforms the state-of-the-art approach, achieving 3.44% to 40.45% for top-k accuracy, 2.00% to 26.07% for Recall@k, and 0.04 to 0.21 for mean average precision better than the baseline approach. In addition, our CoChangeFinder demonstrates the capacity to pinpoint the functions related to logic changes.

Conclusion:

Our CoChangeFinder outperforms the baseline approach (i.e., TARMAQ) in recommending co-changed functions during the code review process. Based on our findings, CoChangeFinder could help developers save their time and effort, reduce review iterations, and enhance the efficiency of the code review process.

Function calls in execution contain rich bivariate, hierarchical, and chronological information. Many visualizations have been adopted to analyze function calls in execution for program testing, vulnerability locating, and malware detection. However, we conducted a pilot study and revealed that existing single-viewed function call visualizations fail to present the bivariate, hierarchical, and chronological information comprehensively. A new function call visualization named FCTree is proposed in this work to deal with this situation. Learned from advantages of existing visualizations and iterative discussions with actual users, FCTree uses a compact and aligned hierarchical layout design to present the bivariate and hierarchical information and adopts a glyph design to present the chronological information. Subjective and objective experiments in the laboratory and a field study in a real-world scenario were conducted to evaluate the effectiveness of FCTree.

Context

Software startups are immature software organizations that focus on the development of a single software product or service. This organizational context accumulates a lot of technical debt to cope with constraints such as limited resources and product-market fit uncertainty. While some research has explored technical debt in startups, there is no study that investigates how software startups should make technical debt decisions throughout the startup evolution stages.

Objective

The objective of this study is to understand how technical debt decisions are made, and how such decisions should have been made in hindsight.

Method

We conducted a multiple embedded case study to investigate technical debt decisions in five web/mobile app startups. For each case, we interviewed the case founder and developer (a total of 17 participants across cases). In addition, we collected some public documents about the five startups. The data were analyzed using qualitative data analysis techniques.

Results

We developed a rule-based decision model that summarizes the logic to effectively make technical debt decisions throughout the startup evolution stages. In addition, we evaluated the model by conducting follow-up interviews with three participants.

Conclusion

The study provides a decision model that reflects actual practice, and is designed to help software teams in startups when making technical debt decisions throughout the startup evolution stages.

Context:

The adoption of remote work models and the global nature of software projects have significantly transformed collaboration and communication within the software development industry. Remote meetings have become a common means of collaboration for software development teams.

Objective:

This study seeks to enhance our understanding of remote meeting practices in software teams. It identifies the benefits of remote meetings, the problems associated with remote meetings, tools used to facilitate remote meetings and provides recommended good practices. The study employs a systematic literature review to assist remote teams in improving their meeting practices and identifying areas for future research.

Methods:

We conducted a systematic literature review that involved searching multiple databases and employing quantitative and qualitative analysis techniques on the identified set of studies to answer our research questions.

Results:

The search yielded 30 papers offering valuable insights into remote meeting practices in software teams. Remote meetings offer advantages over traditional in-person meetings such as increased effectiveness and ease of attendance. However, challenges exist such as technological issues, ineffective collaboration, and reduced team socialization. Identified good practices to mitigate the challenges include inserting breaks in longer meetings, catch-up time at the start of meeting, communicating goals in advance of the meeting, and pre-recording demos.

Conclusion:

The study explored remote meetings in software teams. We identified advantages that remote meetings have in comparison to in-person meetings, challenges to remote meetings, and good practices along with supportive tooling. While the practices help in promoting effective meetings, additional research is required to further improve remote meeting experiences. Researching topics such as investigating different types of meetings common to software development teams along with the potential for novel tools to better support meetings will help identify additional practices and tools that can benefit remote teams.

Context:

The accelerated growth of the Internet and the advent of artificial intelligence have led to a heightened interdependence of open source products, which has in turn resulted in a rise in the frequency of security incidents. Consequently, the cost-effective, fast and efficient detection of hidden code vulnerabilities in open source software products has become an urgent challenge for both academic and engineering communities.

Objectives:

In response to this pressing need, a novel and efficient code vulnerability detection model has been proposed: the Graph-Bi-Directional Long Short-Term Memory Network Algorithm (Graph-BiLSTM). The algorithm is designed to enable the detection of vulnerabilities in Github’s code commit records on a large scale, at low cost and in an efficient manner.

Methods:

In order to extract the most effective code vulnerability features, state-of-the-art vulnerability datasets were compared in order to identify the optimal training dataset. Initially, the Joern tool was employed to transform function-level code blocks into Code Property Graphs (CPGs). Thereafter, structural features (degree centrality, Katz centrality, and closeness centrality) of these CPGs were computed and combined with the embedding features of the node sequences to form a two-dimensional feature vector space for the function-level code blocks. Subsequently, the BiLSTM network algorithm was employed for the automated extraction and iterative model training of a substantial number of vulnerability code samples. Finally, the trained algorithmic model was applied to code commit records of open-source software products on GitHub, achieving effective detection of hidden code vulnerabilities.

Conclusion:

Experimental results indicate that the PrimeVul dataset represents the most optimal resource for vulnerability detection. Moreover, the Graph-BiLSTM model demonstrated superior performance in terms of accuracy, training cost, and inference time when compared to state-of-the-art algorithms for the detection of vulnerabilities in open-source software code on GitHub. This highlights the significant value of the model for engineering applications.

Software patches are pivotal in refining and evolving codebases, addressing bugs, vulnerabilities, and optimizations. Patch descriptions provide detailed accounts of changes, aiding comprehension and collaboration among developers. However, manual description creation poses challenges in terms of time consumption and variations in quality and detail. In this paper, we propose PatchExplainer, an approach that addresses these challenges by framing patch description generation as a machine translation task. In PatchExplainer, we leverage explicit representations of critical elements, historical context, and syntactic conventions. Moreover, the translation model in PatchExplainer is designed with an awareness of description similarity. Particularly, the model is explicitly trained to recognize and incorporate similarities present in patch descriptions clustered into groups, improving its ability to generate accurate and consistent descriptions across similar patches. The dual objectives maximize similarity and accurately predict affiliating groups. Our experimental results on a large dataset of real-world software patches show that PatchExplainer consistently outperforms existing methods, with improvements up to 189% in BLEU, 5.7X in Exact Match rate, and 154% in Semantic Similarity, affirming its effectiveness in generating software patch descriptions.

Context:

The emergence of quantum computing proposes a revolutionary paradigm that can radically transform numerous scientific and industrial application domains. The ability of quantum computers to scale computations beyond what the current computers are capable of implies better performance and efficiency for certain algorithmic tasks.

Objective:

However, to benefit from such improvement, quantum computers must be integrated with existing software systems, a process that is not straightforward. In this paper, we propose a unified execution model that addresses the challenges that emerge from building hybrid classical-quantum applications at scale.

Method:

Following the Design Science Research methodology, we proposed a convention for mapping quantum resources and artifacts to Kubernetes concepts. Then, in an experimental Kubernetes cluster, we conducted experiments for scheduling and executing quantum tasks on both quantum simulators and hardware.

Results:

The experimental results demonstrate that the proposed platform Qubernetes (or Kubernetes for quantum) exposes the quantum computation tasks and hardware capabilities following established cloud-native principles, allowing seamless integration into the larger Kubernetes ecosystem.

Conclusion:

The quantum computing potential cannot be realized without seamless integration into classical computing. By validating that it is practical to execute quantum tasks in a Kubernetes infrastructure, we pave the way for leveraging the existing Kubernetes ecosystem as an enabler for hybrid classical-quantum computing.

Context

Mobile apps (software) are used in almost all aspects of daily life by billions of people. Given the widespread use of mobile apps in various domains, the demand for systematic testing of their Graphical User Interfaces (GUI) is crucial. Despite the significant advances in automated mobile app testing over the last decade, certain challenges remain, most notably the app-specific GUI test-oracle problem, which can significantly hinder the effective detection of defects in mobile apps. In this study, we introduce the use of GUI-level invariants, referred to as GUI invariants, as app-specific GUI oracles in GUI test cases to address this challenge.

Methods

We propose a semi-automatic solution to extract GUI invariants and use them as app-specific GUI oracles in test cases. We use the mutation testing technique to evaluate the (fault detection) effectiveness of the GUI oracles used. In addition, we evaluate their quality aspects, namely correctness, understandability, and compatibility, from the perspective of human experts using a questionnaire survey.

Results

The empirical results show that the GUI oracles used are effective and helpful, as they improved the fault-detection effectiveness of the empirical test suites ranging from 18% to 32%. These results also highlight the efficacy of GUI oracles used in identifying various defects, including crashing and non-crashing functional issues, and surpassing the performance of existing tools in fault-detection rates. Additionally, the questionnaire survey outcomes indicate that the GUI oracles used are correct, understandable, and compatible.

Conclusions

Based on the empirical results, we can conclude that using GUI invariants as GUI oracles can be useful and effective in mobile app testing.