Software: Practice and Experience最新文献

{"title":"Bug numbers matter: An empirical study of effort‐aware defect prediction using class labels versus bug numbers","authors":"Peixin Yang, Ziyao Zeng, Lin Zhu, Yanjiao Zhang, Xin Wang, Chuanxiang Ma, Wenhua Hu","doi":"10.1002/spe.3363","DOIUrl":"https://doi.org/10.1002/spe.3363","url":null,"abstract":"Previous research have utilized public software defect datasets such as NASA, RELINK, and SOFTLAB, which only contain class label information. Most effort‐aware defect prediction (EADP) studies are carried out around these datasets. However, EADP studies typically relying on predicted bug number (i.e., considering modules as effort) or density (i.e., considering lines of code as effort) for ranking software modules. To explore the impact of bug number information in constructing EADP models, we access the performance degradation of the best‐performing learning‐to‐rank methods when using class labels instead of bug numbers for training. The experimental results show that using class labels instead of bug numbers in building EADP models results in an decrease in the detected bugs when module is considering as effort. When effort is LOC, using class labels to construct EADP models can lead to a significant increase in the initial false alarms and a significant increase in the modules that need to be inspected. Therefore, we recommend not only the class labels but also the bug number information should be disclosed when publishing software defect datasets, in order to construct more accurate EADP models.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141586713","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Are the smart contracts on Q&A site reliable?","authors":"Xiaocong Zhou, Quanqi Wang, Yifan Liu, Xiangping Chen, Yuan Huang, Zibin Zheng","doi":"10.1002/spe.3361","DOIUrl":"https://doi.org/10.1002/spe.3361","url":null,"abstract":"Ethereum, as a leading blockchain platform, has attracted a significant number of practitioners. These practitioners require a platform for communication and collaborative problem‐solving, which led to Ethereum Stack Exchange (ESE), a Q&A site dedicated to Ethereum‐related issues. While the Q&A site facilitates communication among practitioners, it also introduces new challenges. Practitioners adopt code snippets from Q&A sites to address problems encountered. However, the quality of code snippets on ESE remains largely unexplored. Vulnerabilities and gas‐inefficient patterns in ESE may spread to the code in Ethereum and threaten its regular operation. In this article, we conduct an empirical study investigating the distribution of vulnerabilities and gas‐inefficient patterns in ESE. Further, we analyze the potential impact of vulnerabilities and gas‐inefficient patterns from ESE on Ethereum. However, we encounter a problem during the vulnerability and gas‐inefficient pattern detection. Established smart contract analysis tools in the mainstream realm necessitate complete source code files for thorough analysis, while codes on ESE are often incomplete code snippets. To address this, we introduce the AST‐based code clone detection technique to construct detectable files corresponding to code snippets. This enables us to detect vulnerabilities and gas‐inefficient patterns in code snippets. In the end, our findings demonstrate that 11.18% of the contract‐level code snippets and 4.06% of function‐level code snippets in ESE have vulnerabilities. And 27.21% of contract‐level code snippets and 17.89% of function‐level code snippets contain gas‐inefficient patterns. The additional consumption caused by the gas‐inefficient pattern in ESE is approximately $1,695,002. Based on these findings, we provide recommendations for both ESE and its users, aiming to foster collaborative efforts and create a more reliable Q&A site for practitioners.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141529887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Special Issue on “Ensuring security for artificial intelligence applications in mobile edge computing software systems”","authors":"Lianyong Qi, Victor S. Sheng, Xiaolong Xu, Jinjun Chen","doi":"10.1002/spe.3362","DOIUrl":"https://doi.org/10.1002/spe.3362","url":null,"abstract":"","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141509182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Large language model ChatGPT versus small deep learning models for self‐admitted technical debt detection: Why not together?","authors":"Jun Li, Lixian Li, Jin Liu, Xiao Yu, Xiao Liu, Jacky Wai Keung","doi":"10.1002/spe.3360","DOIUrl":"https://doi.org/10.1002/spe.3360","url":null,"abstract":"SummaryGiven the increasing complexity and volume of Self‐Admitted Technical Debts (SATDs), how to efficiently detect them becomes critical in software engineering practice for improving code quality and project efficiency. Although current deep learning methods have achieved good performance in detecting SATDs in code comments, they lack explanation. Large language models such as ChatGPT are increasingly being applied to text classification tasks due to their ability to provide explanations for classification results, but it is unclear how effective ChatGPT is for SATD classification. As the first in‐depth study of ChatGPT for SATD detection, we evaluate ChatGPT's effectiveness, compare it with small deep learning models, and find that ChatGPT performs better on Recall, while small models perform better on Precision. Furthermore, to enhance the performance of these approaches, we propose a novel fusion approach named FSATD which combines ChatGPT with small models for SATD detection so as to provide reliable explanations. Through extensive experiments on 62,276 comments from 10 open‐source projects, we show that FSATD outperforms existing methods in performance of F1‐score in cross‐project scenarios. Additionally, FSATD allows for flexible adjustment of fusion strategies, adapting to different requirements of various application scenarios, and can achieve the best Precision, Recall, or F1‐score.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141532650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"FogDEFTKube: Standards‐compliant dynamic deployment of fog service containers","authors":"Rajesh Thalla, S. Srirama","doi":"10.1002/spe.3354","DOIUrl":"https://doi.org/10.1002/spe.3354","url":null,"abstract":"The traditional cloud‐centric approach in IoT applications lack the speed and efficiency required for time‐critical tasks, resulting in network inefficiencies. To address this, the notions of Edge and Fog computing have emerged as alternatives. Fog computing facilitates the deployment of services and applications closer to the network's edge, lowering latency and allowing real‐time capabilities. It enhances reliability, fault tolerance, and connectivity in areas with spotty network coverage. Despite the fact that fog computing overcomes the limitations of cloud‐centric IoT processing, its adoption faces challenges like platform independence, interoperability, and portability. To tackle these challenges, the FogDEFT (Fog computing out of the box: Dynamic dEployment of Fog service containers with TOSCA) framework was developed. It complies to OASIS‐TOSCA standards and guarantees dynamic deployment of fog services on resource‐constrained devices while leveraging Docker containerization technology to ensure platform independence and interoperability. Due to its tight coupling with Docker Swarm, which is designed for medium‐sized deployments, the fogDEFT framework is constrained by Docker Swarm's limitations, hindering its ability to effectively manage large‐scale, automated, and resource‐efficient microservice deployments. To address these limitations, we propose FogDEFTKube, an extension of the FogDEFT architecture that incorporates Kubernetes for orchestration, Jenkins for continuous integration and deployment, and a comprehensive redefinition of the core capabilities of the FogDEFT architecture. This offers a promising solution that supports Kubernetes for handling scalable and highly available fog applications with ease while offering CI/CD. FogDEFTKube simplifies the modeling and deployment of fog services while abstracting the complexities of underlying fog networks.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141336798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An automated model‐based testing approach for the self‐adaptive behavior of the unmanned aircraft system application software","authors":"Zainab Javed, Muhammad Zohaib Iqbal, Muhammad Uzair Khan, M. Usman, A. A. Jilani","doi":"10.1002/spe.3358","DOIUrl":"https://doi.org/10.1002/spe.3358","url":null,"abstract":"The unmanned aircraft system (UAS) is rapidly gaining popularity in civil and military domains. A UAS consists of an application software that is responsible for defining a UAS mission and its expected behavior. A UAS during its mission experiences changes (or interruptions) that require the unmanned aerial vehicle (UAV) in a UAS to self‐adapt, that is, to adjust both its behavior and position in real‐time, particularly for maintaining formation in the case of a UAS swarm. This adaptation is critical as the UAS operates in an open environment, interacting with humans, buildings, and neighboring UAVs. To verify if a UAS correctly makes an adaptation, it is important to test it. The current industrial practice for testing the self‐adaptive behaviors in UAS is to carry out testing activities manually. This is particularly true for existing UAS rather than newly developed ones. Manual testing is time‐consuming and allows the execution of a limited set of test cases. To address this problem, we propose an automated model‐based approach to test the self‐adaptive behavior of UAS application software. The work is conducted in collaboration with an industrial partner and demonstrated through a case study of UAS swarm formation flight application software. Further, the approach is verified on various self‐adaptive behaviors for three open‐source autopilots (i.e., Ardu‐Copter, Ardu‐Plane, and Quad‐Plane). Using the proposed model‐based testing approach we are able to test sixty unique self‐adaptive behaviors. The testing results show that around 80% of the behavior adaptations are correctly executed by UAS application software.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141351762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Nearest‐neighbor, BERT‐based, scalable clone detection: A practical approach for large‐scale industrial code bases","authors":"Gul Aftab Ahmed, James Patten, Yuanhua Han, Guoxian Lu, Wei Hou, David Gregg, Jim Buckley, Muslim Chochlov","doi":"10.1002/spe.3355","DOIUrl":"https://doi.org/10.1002/spe.3355","url":null,"abstract":"Hidden code clones negatively impact software maintenance, but manually detecting them in large codebases is impractical. Additionally, automated approaches find detection of syntactically‐divergent clones very challenging. While recent deep neural networks (for example BERT‐based artificial neural networks) seem more effective in detecting such clones, their pairwise comparison of every code pair in the target system(s) is inefficient and scales poorly on large codebases. We present SSCD, a BERT‐based clone detection approach that targets high recall of Type 3 and Type 4 clones at a very large scale (in line with our industrial partner's requirements). It computes a representative embedding for each code fragment and finds similar fragments using a nearest neighbor search. Thus, SSCD avoids the pairwise‐comparison bottleneck of other neural network approaches, while also using a parallel, GPU‐accelerated search to tackle scalability. This article describes the approach, proposing and evaluating several refinements to improve Type 3/4 clone detection at scale. It provides a substantial empirical evaluation of the technique, including a speed/efficacy comparison of the approach against SourcererCC and Oreo, the only other neural‐network approach currently capable of scaling to hundreds of millions of LOC. It also includes a large in‐situ evaluation on our industrial collaborator's code base that assesses the original technique, the impact of the proposed refinements and illustrates the impact of incremental, active learning on its efficacy. We find that SSCD is significantly faster and more accurate than SourcererCC and Oreo. SAGA, a GPU‐accelerated traditional clone detection approach, is a little better than SSCD for T1/T2 clones, but substantially worse for T3/T4 clones. Thus, SSCD is both scalable to industrial code sizes, and comparatively more accurate than existing approaches for difficult T3/T4 clone searching. In‐situ evaluation on company datasets shows that SSCD outperforms the baseline approach (CCFinderX) for T3/T4 clones. Whitespace removal and active learning further improve SSCD effectiveness.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141354046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Balancing performance and comfort in virtual reality: A study of FPS, latency, and batch values","authors":"Ali Geriş, Baris Cukurbasi, Murat Kilinc, Orkun Teke","doi":"10.1002/spe.3356","DOIUrl":"https://doi.org/10.1002/spe.3356","url":null,"abstract":"This manuscript investigates the relationships among various performance metrics in a virtual reality (VR), namely frames per second (FPS), latency, batches, and the number of triangles (tris) and vertices (verts). The study aims to uncover correlations and directional associations between these metrics, shedding light on their impact on VR performance. The findings reveal a significant correlation between FPS and latency, albeit in opposite directions. Higher FPS values are associated with reduced latency, indicating that a smoother visual experience is accompanied by shorter delays in the VR. Conversely, lower FPS values are linked to increased latency, suggesting a potential degradation in overall system responsiveness. Additionally, a strong correlation is observed between latency and batches processed. This finding implies that latency has a direct impact on the system's ability to efficiently process and render objects within VR. Furthermore, a positive correlation is identified between the number of batches and the values of tris and verts. This relationship suggests that higher batch counts are associated with larger quantities of triangles and vertices, reflecting a more complex scene rendering process. Consequently, the performance of VR may be influenced by the density and intricacy of the virtual environments, as indicated by these metrics.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141356512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Threat models over space and time: A case study of end‐to‐end‐encrypted messaging applications","authors":"Partha Das Chowdhury, Maria Sameen, Jenny Blessing, Nicholas Boucher, Joseph Gardiner, Tom Burrows, Ross Anderson, Awais Rashid","doi":"10.1002/spe.3341","DOIUrl":"https://doi.org/10.1002/spe.3341","url":null,"abstract":"Threat modeling is one of the foundations of secure systems engineering and must take heed of the context within which systems operate. In this work, we explore the extent to which real‐world systems engineering reflects a changing threat context. We examine the desktop clients of six widely used end‐to‐end‐encrypted mobile messaging applications to understand the extent to which they adjusted their threat model over space (when enabling clients on new platforms, such as desktop clients) and time (as new threats emerged). We experimented with short‐lived adversarial access against these desktop clients and analyzed the results using two popular threat elicitation frameworks, STRIDE and LINDDUN. The results demonstrate that system designers need to track threats in the evolving context within which systems operate and, more importantly, mitigate them by rescoping trust boundaries so that they remain consistent with administrative boundaries. A nuanced understanding of the relationship between trust and administration is vital for robust security, including the provision of safe defaults.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141110388","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Gamifying software engineering subject to enhance the quality of knowledge","authors":"I. Aldalur","doi":"10.1002/spe.3339","DOIUrl":"https://doi.org/10.1002/spe.3339","url":null,"abstract":"Gamification has been widely used in education in recent years. Gamification has been proven to be a useful tool for students, as it motivates them and helps them to learn. The lack of motivation on the part of the students and their poor perception of the importance of software engineering has led to the definition of SESGA. This game has been designed and carried out on third year students of the computer science degree. SESGA has been designed for students to improve their knowledge of static code analysis, unit testing and Git. A software engineering project was carried out in groups, in which each of the students had to perform common software development tasks. The evaluation has measured the accomplishment, challenge, competence, guidance, immersion, playfulness and social involvement of SESGA obtaining remarkable results. It has also shown that SESGA has allowed students to have better academic results and the number of failures has decreased.","PeriodicalId":21899,"journal":{"name":"Software: Practice and Experience","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2024-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"140969762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}