开源社区评审过程度量体系及其实证研究

在开源社区中,不同开发人员提交的代码水平参差不齐,需要代码评审检查提交代码质量.决策者是代码评审的关键人物,审核提交代码,发现软件缺陷.代码评审情况会对开源软件质量产生影响,因此需要建立评审过程度量体系,了解代码评审情况,促进提高开源软件项目质量.现有的软件过程度量方法主要考虑提交代码和评审评论活动,缺乏考虑决策活动,难以充分度量人员的评审行为.引入决策者因素,提出了一个开源社区评审过程度量体系,包括评审活动指标和人员分布指标.评审活动指标包含评审次数、评审信息长度、评审代码改动行数以及评审时间.人员分布指标主要考虑改动者、评论者和决策者的比例和数量.然后,收集了3个热门开源项目数据,分析评审过程度量指标与软件缺陷数量的关系.通过实证研究分析发现：决策者数量,少改动、少评论、少决策者的比例等决策者相关指标和软件缺陷数量中等正相关.同时,与不考虑决策者的度量体系进行对比分析,发现含有决策者的度量体系与软件缺陷的相关性更高.实证研究结果验证了评审过程度量体系的有效性,说明增加决策者相关指标的必要性.     

代码审查中代码变更恢复的经验研究

代码审查是一种由其他开发者而非代码作者本人评审代码的形式.在代码审查系统中,开发者通过提交代码变更来修复软件缺陷或添加软件特性.并非所有的代码变更都会被集成到代码库中,部分代码变更会被拒收.被拒收的代码变更有可能被恢复,并继续接受审查,提供代码贡献者改进代码变更的机会.然而,审查恢复过的代码变更需要花费更多的时间.收集了4个开源项目中的920 700条代码变更,采用主题分析方法识别出11类代码变更恢复的原因,并定量分析被恢复的代码变更的特征.主要发现包括:1)导致代码变更恢复的原因中,“提升改进”类型占比最大; 2)不同项目之间,代码变更被恢复的原因类别分布存在差异,但并不显著; 3)与从未恢复过的代码变更相比,恢复的代码变更接收率低10%,评论数量平均多1.9倍,审查所用时间平均多5.8倍; 4) 81%的恢复代码变更被接收, 19%的恢复代码变更被拒收.     

基于关键类判定的代码提交理解辅助方法

软件代码提交是最重要的软件版本演化数据之一,被广泛应用于软件审查和软件理解中.对于程序员,提交的理解难度随着受影响的类数量、修改的代码量的增加而增加.本文通过对大量数据的分析发现,识别出提交中核心的修改类（关键类）,以及为了完成这个核心修改所进行的依赖性改动的类（非关键类）,能够辅助代码提交的理解.受机器学习技术在分类领域有效性的启发,本文提出一种基于机器学习的关键类识别方法,将判定提交中的关键类建模为二分类问题（即：关键和非关键类）,从软件演化过程中产生的海量提交数据中抽取可判别性特征来度量类的关键性.在多个数据集上的实验结果表明,我们的方法判定关键类的综合准确率达到了87%;相比于开发人员直接理解提交,使用关键类信息提示来辅助理解提交能够显著提高开发人员的效率和正确率.     

软件代码缺陷分类及其应用

分析现有软件缺陷分类方法,基于对航空型号软件实施代码审查的实际经验,提出较完善的代码缺陷分类,将其应用于某航空型号软件代码审查,发现的缺陷占全部测试所得的75％。给出可以覆盖该缺陷类型的新类型。检验结果表明,该代码缺陷分类可以有效指导代码审查。     

代码审查自动化研究综述

随着现代软件规模的不断扩大,协作开发成为软件开发的主流趋势,代码审查成为了现代化软件开发的重要工作流程.但由于人工代码评审往往耗费审查者较大精力,且存在审查者不匹配或审查者水平有限等问题,人工代码评审的质量和效率难以保证,且审查后的代码修复也十分费时费力.因此亟需研究人员为代码审查流程进行改进,提供自动化思路.本文对代码审查自动化相关研究进行系统梳理和总结,并重点介绍4种主要方向:审查者推荐、代码变更质量评估、审查意见生成和代码自动修复.并整理了相关方向的148篇研究,对每个方向的研究进行技术分类与分析.随后,本文整理了各方向研究任务的评估方法,并整理出常用的数据集与开源工具.最后,对代码审查自动化领域面临的问题进行梳理,并对未来研究进行展望.     

面向代码审查的细粒度代码变更溯源方法

代码审查是现代软件分布式并行开发过程中的重要机制. 在代码评审时, 帮助代码评审者快速查看某一段源代码的演化过程, 可以让评审者快速理解此段代码变更的原因和必要性, 从而有效提升代码评审的效率与质量. 现有工作虽然提供了一些类似的代码提交历史回溯方法及对应工具, 但缺乏从历史数据中进一步提取辅助代码评审相关辅助信息的能力. 为此, 提出一个面向代码评审的细粒度代码变更溯源方法C2Tracker. 给定一段方法(函数)级别的细粒度代码变更, C2Tracker能够自动追溯到历史开发过程中修改该段代码相关的代码提交, 并在此基础上进一步挖掘其中与该段代码频繁共现修改的代码元素以及相关的变更片段, 辅助代码评审者对当前代码变更的理解与决策. 在10个著名开源项目的数据集下进行实验验证. 实验结果表明, C2Tracker在追溯历史提交的准确率上达到97%, 在挖掘频繁共现代码元素任务上的准确率达到95%, 在追溯相关代码变更片段任务上的准确率达到97%; 相比现有评审方式, C2Tracker在具体案例的代码评审效率和质量上均有较大提升, 在绝大多数的代码评审案例中被评审者认为能提供“明显帮助”或“很大帮助”.     

开源软件漏洞感知技术综述

随着现代软件规模不断扩大,软件漏洞给计算机系统和软件的安全运行、可靠性造成了极大的威胁,进而给人们的生产生活造成巨大的损失.近年来,随着开源软件的广泛使用,其安全问题受到广泛关注.漏洞感知技术可以有效地帮助开源软件用户在漏洞纰漏之前提前感知到漏洞的存在,从而进行有效防御.与传统软件的漏洞检测不同,开源漏洞的透明性和协同性给开源软件的漏洞感知带来巨大的挑战.因此,有许多学者和从业人员提出多种技术,从代码和开源社区中感知开源软件中潜在的漏洞和风险,以尽早发现开源软件中的漏洞从而降低漏洞所带来的损失.为了促进开源软件漏洞感知技术的发展,对已有研究成果进行系统的梳理、总结和点评.选取45篇开源漏洞感知技术的高水平论文,将其分为3大类:基于代码的漏洞感知技术、基于开源社区讨论的漏洞感知技术和基于软件补丁的漏洞感知技术,并对其进行系统地梳理、归纳和总结.值得注意的是,根据近几年最新研究的总结,首次提出基于开源软件漏洞生命周期的感知技术分类,对已有的漏洞感知技术分类进行补充和完善.最后,探索该领域的挑战,并对未来研究的方向进行展望.     

群智贡献标记行为研究

基于群智的开源协同模式已成为软件创新的重要模式,越来越多的开发者开始积极参与开源贡献。为有效支持开源项目管理团队对海量群智贡献的审查工作,开源协同平台设计了种类多样的工具与机制,标签是其中一种典型的任务跟踪与管理工具。为了更好地理解标签在群体实践中的应用情况,基于GitHub平台中代码合并请求（Pull-request,PR）的标记数据展开了实证研究,重点从标记时间、标签数量、标记执行者三个方面进行了分析。研究结果表明,标签在开发者中得到了广泛的使用：大部分标记时间与PR时间相同,平均每个PR带有6个以上的标记,每个标签被35人使用。     

响应时间约束的代码评审人推荐

同行代码评审,即对提交代码进行人工评审,是减少软件缺陷和提高软件质量的有效手段,已被Github等开源社区以及很多软件开发组织广泛采用.在GitHub社区,代码评审是其pull-based软件开发模型的重要组成部分.开源项目往往存在成百上千个候选评审人员,为评审工作推荐合适的评审人员是一项很有价值且挑战性的工作.基于真实开源项目的数据分析发现,评审响应时间过长是普遍存在的问题,这会延长评审周期、降低参与人员积极性,而已有的代码评审人推荐工作均没有考虑响应时间这个因素.因此,提出了响应时间约束的代码评审人推荐问题,即推荐的评审人能否在约定时间内进行评审;进而提出了基于多目标优化的代码评审人推荐方法（MOC2R）,该方法通过最大化代码评审人经验、最大化在约定时间内的响应概率、最大化人员最近时间内的活跃性这3个目标,使用多目标优化算法来推荐代码评审人员.基于6个开源项目的数据进行实验,结果表明,在不同时间窗约束下（2h、4h、8h）,Top-1准确率为41.7%~61.5%,Top-5准确率为66.5%~77.7%,显著优于两条常用且业内领先的基线方法,且3个目标均对人员推荐有贡献,其中,约定时间内的响应概率目标对于人员推荐的贡献最大.该方法能够进一步提升代码评审效率,提高开源社区的活跃性.     

山东大学戴鸿君团队在RISC-V基础软件方面取得新突破北大核心CSCD

近日,山东大学戴鸿君教授带领智能创新研究院、软件学院、集成电路学院、计算机科学与技术学院以及网络空间安全学院组成的基础软件团队,成功将首个RISC-V CPU服务器的UEFI启动方案合并入开源社区tianocore EDK2主线仓库,完成了首个符合UEFI标准的RISC-V服务器固件研发。继X86、ARM架构后,RISC-V架构已可以借助UEFI的成熟生态,快速融入服务器产业化领域。这标志着山东大学具有了固件、操作系统内核等基础软件核心代码研发的国际领先能力,成为了RISC-V关键开源代码的重要贡献者。     

What Are They Talking About? Analyzing Code Reviews in Pull-Based Development Model

Code reviews in pull-based model are open to community users on GitHub. Various participants are taking part in the review discussions and the review topics are not only about the improvement of code contributions but also about project evolution and social interaction. A comprehensive understanding of the review topics in pull-based model would be useful to better organize the code review process and optimize review tasks such as reviewer recommendation and pull-request prioritization. In this paper, we first conduct a qualitative study on three popular open-source software projects hosted on GitHub and construct a fine-grained two-level taxonomy covering four level-1 categories (code correctness, pull-request decision-making, project management, and social interaction) and 11 level-2 subcategories (e.g., defect detecting, reviewer assigning, contribution encouraging). Second, we conduct preliminary quantitative analysis on a large set of review comments that were labeled by TSHC (a two-stage hybrid classification algorithm), which is able to automatically classify review comments by combining rule-based and machine-learning techniques. Through the quantitative study, we explore the typical review patterns. We find that the three projects present similar comments distribution on each subcategory. Pull-requests submitted by inexperienced contributors tend to contain potential issues even though they have passed the tests. Furthermore, external contributors are more likely to break project conventions in their early contributions.     

Determinants of pull-based development in the context of continuous integration

The pull-based development model, widely used in distributed software teams on open source communities, can efficiently gather the wisdom from crowds. Instead of sharing access to a central repository, contributors create a fork, update it locally, and request to have their changes merged back, i.e., submit a pull-request. On the one hand, this model lowers the barrier to entry for potential contributors since anyone can submit pull-requests to any repository, but on the other hand it also increases the burden on integrators, who are responsible for assessing the proposed patches and integrating the suitable changes into the central repository. The role of integrators in pull-based development is crucial. They must not only ensure that pull-requests should meet the project’s quality standards before being accepted, but also finish the evaluations in a timely manner. To keep up with the volume of incoming pull-requests, continuous integration (CI) is widely adopted to automatically build and test every pull-request at the time of submission. CI provides extra evidences relating to the quality of pull-requests, which would help integrators to make final decision (i.e., accept or reject). In this paper, we present a quantitative study that tries to discover which factors affect the process of pull-based development model, including acceptance and latency in the context of CI. Using regression modeling on data extracted from a sample of GitHub projects deploying the Travis-CI service, we find that the evaluation process is a complex issue, requiring many independent variables to explain adequately. In particular, CI is a dominant factor for the process, which not only has a great influence on the evaluation process per se, but also changes the effects of some traditional predictors.     

Detecting Duplicate Contributions in Pull-Based Model Combining Textual and Change Similarities

Communication and coordination between open source software(OSS)developers who do not work physically in the same location have always been the challenging issues.The pull-based development model,as the state-of-the-art collaborative development mechanism,provides high openness and transparency to improve the visibility of contributors'work.However,duplicate contributions may still be submitted by more than one contributor to solve the same problem due to the parallel and uncoordinated nature of this model.If not detected in time,duplicate pull-requests can cause contributors and reviewers to waste time and energy on redundant work.In this paper,we propose an approach combining textual and change similarities to automatically detect duplicate contributions in the pull-based model at submission time.For a new-arriving contribution,we first compute textual similarity and change similarity between it and other existing contributions.And then our method returns a list of candidate duplicate contributions that are most similar to the new contribution in terms of the combined textual and change similarity.The evaluation shows that 83.4％of the duplicates can be found in average when we use the combined textual and change similarity compared with 54.8％using only textual similarity and 78.2％using only change similarity.     

Network ties and the success of open source software development

Prior network-based research on open source software (OSS) development has focused on the benefit of network ties and assumed all network ties play the same role. We adopt a fine-grained view of network relations to investigate the impact of network ties on the success of OSS development. Through examining the development of OSS projects hosted by SourceForge, we find that co-membership among project teams is an effective mechanism for building network ties, through which knowledge and expertise flows across projects in OSS community and, therefore, contributes to the success of OSS development. However, network ties among projects not only confer benefit, but also incur various cost, and due to the different growth patterns of cost and benefit, network ties have a diminishing return to project success. In addition, we find network ties of leader–follower type and follower–leader type are more beneficial to OSS success than other types of ties, and network ties connecting to projects of later development stages are more beneficial than those connecting to projects of earlier stages. Our study provides useful guidelines and suggestions as to how to leverage the knowledge and expertise of others for successful development of OSS projects.     

基于时间和影响力因子的Github Pull Request评审人推荐

开源社区github提供了pull request的机制让开发者可以把自己的代码集成到github的开源项目中从而为项目做出贡献.Pull request的代码评审是github这类分布式软件开发社区维护开源项目代码质量的非常重要的方式.为一个新到来的pull request指派合适的代码评审人可以有效减少pull request从提交到开始审核的延迟.目前github是由项目核心成员人工来完成评审人的指派,为了减少这种人力损耗,我们提出代码评审人的推荐系统,该系统基于信息检索的方法,并考虑了评审人的影响力因子以及评审的时间衰减的因素,对新到来的pull request,自动推荐最相关的评审人.我们的方法对top 1的准确度达到了68%,对top 10的召回率达到了78%.     

Open source software success: Measures and analysis

Despite a growing body of research on OSS production, much remains to be learned. One important issue concerns the measures of OSS project success and its determinants. In this paper, we empirically study the determinants of OSS success as measured by the number of subscribers and developers working on an OSS project. Furthermore, we demonstrate that our model forecasts these success measures more accurately as compared to a naive model.We find that OSS projects that develop software to work on Windows/UNIX/Linux operating systems, and developed using C or its derivative languages experience larger increase in subscribers and attract more developers than projects that do not have these characteristics. OSS projects with semi-restrictive licenses have fewer subscribers and attract fewer developers. Interestingly, OSS projects that accept financial donations and are targeted at IS/IT professionals have more subscribers than others, although these characteristics do not affect the developer base. The number of subscribers and developers increases with the age of the OSS project. Finally, the impact of developers on subscribers and subscribers on developers is positive and significant.     

Factors affecting the success of Open Source Software

With the rapid rise in the use of Open Source Software (OSS) in all types of applications, it is important to know which factors can lead to OSS success. OSS projects evolve and transform over time; therefore success must be examined longitudinally over a period of time. In this research, we examine two measures of project success: project popularity and developer activity, of 283 OSS projects over a span of 3 years, in order to observe changes over time. A comprehensive research model of OSS success is developed which includes both extrinsic and intrinsic attributes. Results show that while many of the hypothesized relationships are supported, there were marked differences in some of the relationships at different points in time lending support to the notion that different factors need to be emphasized as the OSS project unfolds over time.     

Peer impressions in open source organizations: A survey

In virtual organizations, such as Open Source Software (OSS) communities, we expect that the impressions members have about each other play an important role in fostering effective collaboration. However, there is little empirical evidence about how peer impressions form and change in virtual organizations. This paper reports the results from a survey designed to understand the peer impression formation process among OSS participants in terms of perceived expertise, trustworthiness, productivity, experiences collaborating, and other factors that make collaboration easy or difficult. While the majority of survey respondents reported positive experiences, a non-trivial fraction had negative experiences. In particular, volunteer participants were more likely to report negative experiences than participants who were paid. The results showed that factors related to a person's project contribution (e.g., quality and understandability of committed codes, important design related decisions, and critical fixes made) were more important than factors related to work style or personal traits. Although OSS participants are very task focused, the respondents believed that meeting their peers in person is beneficial for forming peer impressions. Having an appropriate impression of one's OSS peers is crucial, but the impression formation process is complicated and different from the process in traditional organizations.     

Knowledge-based approaches for scheduling problems: a survey

Recent developments in artificial intelligence (AI) have led to the use of knowledge-based techniques for solving scheduling problems. The authors survey several existing intelligent planning and scheduling systems with the aim of providing a guide to the main AI techniques used. In view of the prevailing difference is usage of the terms planning and scheduling between AI and operations research (OR), a taxonomy of planning and scheduling problems is presented. The modeling of real world problems from closed deterministic worlds to complex real worlds is illustrated with a project scheduling example. Some of the more successful planning and scheduling systems are surveyed, and their features are highlighted. The AI approaches are consolidated into knowledge representation and problem solving in the project management context