
Measurement Method for Complexity of Software Library Dependency Graph and Its Potential Applications
Citation: YU Hai, WANG Ying, XU Mei-Qiu, YANG Bo, XU Chang, ZHU Zhi-Liang. Measurement Method for Complexity of Software Library Dependency Graph and Its Potential Applications[J]. Journal of Software, 2023, 34(11): 5282-5311.
Authors: YU Hai  WANG Ying  XU Mei-Qiu  YANG Bo  XU Chang  ZHU Zhi-Liang
Affiliation: Software College, Northeastern University, Shenyang 110169, China; Software College, Northeastern University, Shenyang 110169, China; State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210046, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China; State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210046, China
Funding: National Natural Science Foundation of China (62141210, 61932021, 61902056, 61802164, 61977014); Shenyang Young and Middle-aged Science and Technology Innovation Talent Program (ZX20200272); Fundamental Research Funds for the Central Universities (N2217005); Open Fund of the State Key Laboratory for Novel Software Technology, Nanjing University (KFKT2021B01)
Abstract: In the process of software development, software libraries are widely used as they can reduce development time and costs. Consequently, modern software projects contain code from different sources, which makes the systems highly complex and diversified. In addition, various risks come along with the usage of software libraries, such as low quality or security vulnerabilities, seriously affecting the quality of software projects. By analyzing the intensity of the coupling with software libraries, this study quantifies the complexity and diversity introduced by the dependence on the software libraries to the client code. For this purpose, a software boundary graph (SBG) model is constructed according to the method invocation relationships of the client code with the software libraries to distinguish their code boundaries. Then, a metric suite RMS for the complexity of the software library dependency graph is proposed on the basis of the SBG model to quantify the intensity of the coupling with the software from different sources. In the experiment, this study mines the data on all the historical versions of 10 popular software projects in the Apache open-source community and finally collects 7857 dependency defects among real-world projects. With the above-mentioned real-world data, empirical investigation based on hypothesis testing is conducted according to the proposed complexity metric suite RMS to discuss the following issues: H1: whether boundary nodes with higher risk factors are more likely to introduce more inter-project dependency defects; H2: whether boundary nodes with higher risk factors are more likely to introduce serious inter-project dependency defects; H3: what is the extent to which the value of the metric suite RMS affects the number and severity of introduced inter-project dependency defects. Experimental results show that according to the evaluation with the RMS, the boundary nodes exhibiting higher coupling degrees with the software libraries are more likely to introduce more inter-project dependency defects with higher severity. Moreover, compared with traditional complexity metrics, RMS greatly influences the number and severity of introduced inter-project dependency defects.
Keywords: empirical software engineering; third-party libraries; software metrics; hypothesis testing
Received: 2021/9/18
Revised: 2022/3/11