A field study of how developers locate features in source code

Our current understanding of how programmers perform feature location during software maintenance is based on controlled studies or interviews, which are inherently limited in size, scope and realism. Replicating controlled studies in the field can both explore the findings of these studies in wider contexts and study new factors that have not been previously encountered in the laboratory setting. In this paper, we report on a field study about how software developers perform feature location within source code during their daily development activities. Our study is based on two complementary field data sets: one that reflects complete IDE activity of 67 professional developers over approximately one month, and the other that reflects usage of an IR-based code search tool by nearly 600 developers. Analyzing this data, we report results on how often developers use which type of code search tools, on the types of queries and retreival strategies used by developers, and on patterns of developer feature location behavior following code search. The results of the study suggest that there is (1) a need for helping developers to devise better code search queries; (2) a lack of adoption of niche code search tools; (3) a need for code search tool to handle both lookup and exploratory queries; and (4) a need for better integration between code search, structured navigation, and debugging tools in feature location tasks.     

联邦成员框架代码的自动生成技术研究

联邦成员软件的开发者面临着学习和使用RTI库的问题,大量低层接口的编程往往会使联邦开发者的注意力从联邦问题域转移到RTI技术细节上去.因此生成联邦成员框架代码的设计和实现可以大大降低成员软件开发难度,加快成员软件开发.该文通过分析联邦成员的程序流程和软件组成,采用面向对象的方法对联邦成员进行了抽象,设计了一些体现联邦成员特征的基本类,并基于这些设计实现了一种由HLA对象模型（FOM/SOM）自动生成联邦成员软件框架代码的方法.在RTI和实际的仿真实体模型间提供了一个抽象层,开发者不必考虑联邦成员与RTI之间的信息交换过程,只负责实现仿真实体模型的仿真功能,从而在成员级上实现了成员代码重用.     

一种网格环境下的软件配置管理系统

为能够让异地的开发人员充分利用稀有的网格资源环境来协同开发、调试代码，我们提出了网格环境下的软件配置管理系统。本文简要介绍了该系统的功能、结构框架，并详细阐述了该系统的核心技术和关键机制。     

Understanding reuse of software examples: A case study of prejudice in a community of practice

ContextThe context of this research is software developers’ perceptions about the use of code examples in professional software development.ObjectiveThe primary objective of this paper is to identify the human factors that dominate example usage among professional software developers, and to provide a theory that explains these factors.MethodTo achieve this goal, we analyzed the perceptions of professional software developers as manifested on LinkedIn online community. We analyzed the data qualitatively using adapted grounded theory research procedures.ResultsThe research yields an initial framework of key factors that dominate professional developers’ perception regarding example usage. We use the theoretical lens of prejudice theory to put these factors in a broader context, and outline initial recommendations to address these factors in professional organizational context.ConclusionThe results of this work, in particular the use of qualitative techniques – allowed us to obtain rich insight into key human factors that affect professional software developers, and enrich the body of literature on the issues of reuse. These factors need to be taken into account as part of an organizational reuse strategy.     

Answering software evolution questions: An empirical evaluation

ContextDevelopers often need to find answers to questions regarding the evolution of a system when working on its code base. While their information needs require data analysis pertaining to different repository types, the source code repository has a pivotal role for program comprehension tasks. However, the coarse-grained nature of the data stored by commit-based software configuration management systems often makes it challenging for a developer to search for an answer.ObjectiveWe present Replay, an Eclipse plug-in that allows developers to explore the change history of a system by capturing the changes at a finer granularity level than commits, and by replaying the past changes chronologically inside the integrated development environment, with the source code at hand.MethodWe conducted a controlled experiment to empirically assess whether Replay outperforms a baseline (SVN client in Eclipse) on helping developers to answer common questions related to software evolution.ResultsThe experiment shows that Replay leads to a decrease in completion time with respect to a set of software evolution comprehension tasks.ConclusionWe conclude that there are benefits in using Replay over the state of the practice tools for answering questions that require fine-grained change information and those related to recent changes.     

A `crystal ball' for software liability

Software developers are living in a liability grace period, but it won't last. To adequately insure themselves against potential liability, developers need tools to identify worst-case scenarios and help them quantify the risks associated with a piece of software. For assessing such risks associated with software, the authors recommend fault injection, which provides worst-case predictions about how badly a piece of code might behave and how frequently it might behave that way. By contrast, software testing states how good software is. But even correct code can have “bad days”, when external influences keep it from working as desired. Fault injection is arguably the next best thing to having a crystal ball, and it certainly beats facing the future with no predictions at all. It should be a regular part of risk assessment. The greatest benefit from fault injection occurs when a piece of software does not tolerate injected anomalies. False optimism gives way to the only honest claim-that the software presents risks     

一种针对单元测试框架的测试脚本重用方法

单元测试框架下的软件测试将产生大量的测试脚本, 在软件测试过程中如何有效利用现有的测试脚本, 实现软件测试脚本（代码）的重用成为业界关心的一个重要问题。业界最常见的复用需求是当开发项目更换新的测试框架时, 如何重用开发人员在原单元测试框架下积累的测试脚本。针对这一问题, 提出了基于测试脚本移植的重用方案。通过对单元测试脚本的分析和自动翻译方法, 将原测试脚本中包含的信息提取出来, 解析为基于XML的中间脚本, 然后再利用XSLT技术, 依据XML记录的信息, 自动生成目标框架的单元测试脚本, 从而解决单元测试脚本的重用问题。最后实验验证了方案的可行性。     

Exception analysis in the Java Native Interface

A Foreign Function Interface (FFI) allows one host programming language to interoperate with another foreign language. It enables efficient software development by permitting developers to assemble components in different languages. One typical FFI is the Java Native Interface (JNI), through which Java programs can invoke native-code components developed in C, C++, or assembly code. Although FFIs bring convenience to software development, interface code developed in FFIs is often error prone because of the lack of safety and security enforcement. This paper introduces a static-analysis framework, TurboJet, which finds exception-related bugs in JNI applications. It finds bugs of inconsistent exception declarations and bugs of mishandling JNI exceptions. TurboJet is carefully engineered to achieve both high efficiency and accuracy. We have applied TurboJet on a set of benchmark programs and identified many errors. We have also implemented a practical Eclipse plug-in based on TurboJet that can be used by JNI programmers to find errors in their code.     

A knowledge-based framework for extracting components in agile systems development

Considerable strides have been made in the use of components in software development. Many proprietary enterprise resource planning (ERP) software environments use modular components to develop and customize “best practices” to meet a specific organizational need. In agile application development, many developers and users are asked to design systems in a short period of time. These applications may use components that are embedded in software repositories. The challenge then is how to select the right software components (data and procedures) to meet an application requirement. Although experienced developers may select and customize components to meet the needs of an application, such expertise may not be available to other applications. This paper presents a knowledge-based framework to select and customize software components and demonstrates its value in deriving quality specifications, even when the developers are relatively inexperienced.     

A framework for developing home automation systems: From requirements to code

This article presents an integrated framework for the development of home automation systems following the model-driven approach. By executing model transformations the environment allows developers to generate executable code for specific platforms. The tools presented in this work help developers to model home automation systems by means of a domain specific language which is later transformed into code for home automation specific platforms. These transformations have been defined by means of graph grammars and template engines extended with traceability capabilities. Our framework also allows the models to be reused for different applications since a catalogue of requirements is provided. This framework enables the development of home automation applications with techniques for improving the quality of both the process and the models obtained. In order to evaluate the benefits of the approach, we conducted a survey among developers that used the framework. The analysis of the outcome of this survey shows which conditions should be fulfilled in order to increase reusability.     

V-Market: A framework for agent e-commerce systems

Software agent technology is still an emerging technology, and as such, agent based software design is still in its infancy. Software agents have just started to be used in the e-commerce domain, and they are already beginning to create a series of new possibilities for this arena. Agents can be used to automate, as well as to enhance many stages of the traditional consumer-buying behavior process. This paper proposes a software engineering approach to the design of agent mediated e-commerce systems, through the definition of an object-oriented framework. The paper presents the underlying concepts, and the architecture of the environment, showing how it allows developers to customize virtual marketplaces, and to define transaction categories on demand, incorporating many possible products and services that can be traded online. This revised version was published online in August 2006 with corrections to the Cover Date.     

SQA-Mashup: A mashup framework for continuous integration

ContextContinuous Integration (CI) has become an established best practice of modern software development. Its philosophy of regularly integrating the changes of individual developers with the master code base saves the entire development team from descending into Integration Hell, a term coined in the field of extreme programming. In practice, CI is supported by automated tools to cope with this repeated integration of source code through automated builds and testing. One of the main problems, however, is that relevant information about the quality and health of a software system is both scattered across those tools and across multiple views.ObjectiveThis paper introduces a quality awareness framework for CI-data and its conceptional model used for the data integration and visualization. The framework called SQA-Mashup makes use of the service-based mashup paradigm and integrates information from the entire CI-toolchain into a single service.MethodThe research approach followed in our work consists out of (i) a conceptional model for data integration and visualization, (ii) a prototypical framework implementation based on tool requirements derived from literature, and (iii) a controlled user study to evaluate its usefulness.ResultsThe results of the controlled user study showed that SQA-Mashup’s single point of access allows users to answer questions regarding the state of a system more quickly (57%) and accurately (21.6%) than with standalone CI-tools.ConclusionsThe SQA-Mashup framework can serve as one-stop shop for software quality data monitoring in a software development project. It enables easy access to CI-data which otherwise is not integrated but scattered across multiple CI-tools. Our dynamic visualization approach allows for a tailoring of integrated CI-data according to information needs of different stakeholders such as developers or testers.     

A market-driven approach to teaching software components engineering

The emergence of software component standards and tools for creating software components is leading to an increasing number of software component developers. Traditional software engineering education, however, emphasizes methods for developing large software packages. It is not clear whether such methods are appropriate for developing components. New techniques may be needed to teach the skills necessary for component development. We identify two skills software developers need to successfully develop components, which are not emphasized in traditional software engineering education: (a) uncovering multiple-customer domain semantics; and (b) making explicit multiple-customer framework semantics. Both skills are multiple constraint satisfaction problems. We further argue that training students to produce and market components in a simulated software components marketplace – rather than the more conventional classroom teaching + component homework assignments/projects – is an effective way of teaching such skills. We then describe an environment we created called SofTrade that simulates a components market and allows students to acquire the necessary skills. We provide a detailed case study of how a student component-producer team used market feedback to determine domain and framework semantics. We end by discussing the importance of market-driven approaches for teaching software components engineering and how such approaches fit into existing software engineering curricula.     

Field experience with obfuscating million-user iOS apps in large enterprise mobile development

In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now common that a mobile app serves millions of users across the globe. By examining the code of these apps, reverse engineers can learn various knowledge about the design and implementation of the apps. Real-world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app-provided services for unrightful profits, leading to significant financial losses. One of the most viable mitigations against malicious reverse engineering is to obfuscate the apps. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps. In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. We especially focus on factors that are unique to mobile software development that may affect the design and deployment of obfuscation techniques. We report the outcome of our obfuscation with empirical experiments. We additionally elaborate on the follow-up case studies about how our obfuscation affected the app publication process and how we responded to the negative impacts. This experience report can benefit mobile developers, security service providers, and Apple as the administrator of the iOS ecosystem.     

An Exploratory Study of How Developers Seek, Relate, and Collect Relevant Information during Software Maintenance Tasks

Much of software developers' time is spent understanding unfamiliar code. To better understand how developers gain this understanding and how software development environments might be involved, a study was performed in which developers were given an unfamiliar program and asked to work on two debugging tasks and three enhancement tasks for 70 minutes. The study found that developers interleaved three activities. They began by searching for relevant code both manually and using search tools; however, they based their searches on limited and misrepresentative cues in the code, environment, and executing program, often leading to failed searches. When developers found relevant code, they followed its incoming and outgoing dependencies, often returning to it and navigating its other dependencies; while doing so, however, Eclipse's navigational tools caused significant overhead. Developers collected code and other information that they believed would be necessary to edit, duplicate, or otherwise refer to later by encoding it in the interactive state of Eclipse's package explorer, file tabs, and scroll bars. However, developers lost track of relevant code as these interfaces were used for other tasks, and developers were forced to find it again. These issues caused developers to spend, on average, 35 percent of their time performing the mechanics of navigation within and between source files. These observations suggest a new model of program understanding grounded in theories of information foraging and suggest ideas for tools that help developers seek, relate, and collect information in a more effective and explicit manner     

Toward Automated Support for Transparent Interoperable Queries

Many Object-Oriented Databases (OODBs) use programming languages that predate Java, such as C++, CLOS and Smalltalk. Thus, there is a growing need for interoperating these OODBs with new applications that require Java. Unfortunately, there are few mechanisms that allow software developers to easily integrate Java applications with non-Java OODBs. Although various interoperability mechanisms have been developed over the years, these approaches have some significant drawbacks in practice. They are often difficult to use, provide little, if any, automated support, and produce software that is difficult to engineer and maintain. In this paper, we describe an interoperability approach that allows application developers to seamlessly and transparently access non-Java OODBs from Java applications. We first present JOQL, a Java-based object query language that we are developing. JOQL queries are embedded in Java applications and are used to perform queries over C++-based OODBs. We also describe an accompanying toolset that processes Java programs containing JOQL queries. The toolset produces all the necessary code allowing Java applications to access and manipulate a C++-based OODB. As a result, application developers are free to work in Java without having to concern themselves with the details of interoperating with C++. Finally, we provide some preliminary experimental data that demonstrates our approach incurs a reasonable performance overhead.     

How are Java software developers using the Elipse IDE?

The Eclipse integrated development environment continues to gain popularity among Java developers. Our usage monitoring approach allows tool builders to sample how developers are using their tools in the wild. The data gathered about tool use can be used to prevent feature bloat and to evolve the environments according to user needs. Information about how developers work in a development environment can also provide a baseline for assessing new software development tools. We hope this report provides a start in defining which in formation to collect and distribute on an on going basis to help improve Eclipse and other similar platforms and tools.     

Time dependent processing in a parallel pipeline architecture

Pipeline architectures provide a versatile and efficient mechanism for constructing visualizations, and they have been implemented in numerous libraries and applications over the past two decades. In addition to allowing developers and users to freely combine algorithms, visualization pipelines have proven to work well when streaming data and scale well on parallel distributed-memory computers. However, current pipeline visualization frameworks have a critical flaw: they are unable to manage time varying data. As data flows through the pipeline, each algorithm has access to only a single snapshot in time of the data. This prevents the implementation of algorithms that do any temporal processing such as particle tracing; plotting over time; or interpolation, fitting, or smoothing of time series data. As data acquisition technology improves, as simulation time-integration techniques become more complex, and as simulations save less frequently and regularly, the ability to analyze the time-behavior of data becomes more important. This paper describes a modification to the traditional pipeline architecture that allows it to accommodate temporal algorithms. Furthermore, the architecture allows temporal algorithms to be used in conjunction with algorithms expecting a single time snapshot, thus simplifying software design and allowing adoption into existing pipeline frameworks. Our architecture also continues to work well in parallel distributed-memory environments. We demonstrate our architecture by modifying the popular VTK framework and exposing the functionality to the ParaView application. We use this framework to apply time-dependent algorithms on large data with a parallel cluster computer and thereby exercise a functionality that previously did not exist.     

API-Evolution Support with Diff-CatchUp

Applications built on reusable component frameworks are subject to two independent, and potentially conflicting, evolution processes. The application evolves in response to the specific requirements and desired qualities of the application's stakeholders. On the other hand, the evolution of the component framework is driven by the need to improve the framework functionality and quality while maintaining its generality. Thus, changes to the component framework frequently change its API on which its client applications rely and, as a result, these applications break. To date, there has been some work aimed at supporting the migration of client applications to newer versions of their underlying frameworks, but it usually requires that the framework developers do additional work for that purpose or that the application developers use the same tools as the framework developers. In this paper, we discuss our approach to tackle the API-evolution problem in the context of reuse-based software development, which automatically recognizes the API changes of the reused framework and proposes plausible replacements to the "obsolete" API based on working examples of the framework code base. This approach has been implemented in the Diff-CatchUp tool. We report on two case studies that we have conducted to evaluate the effectiveness of our approach with its Diff-CatchUp prototype.