Code analysis: past and present

The integration of Software components within complex industrial applications with severe security standards, requires strict quality assessment of each integrated component. That is, requires a guarantee that each component is compliant with the software development good practices and all the standards in use. If full certification is easy to obtain for proprietary modules, it is particularly hard to achieve when dealing with Open-Source Software pieces, demanding for rigorous methods and techniques to implement their certification process. In this context, code analysis plays an important role as the basis for the automatization of quality assessment of open source software projects – code analysis provides the techniques and tools to implement the necessary validation process. Although source code is still the most explored (the main support for analysis), nowadays this assessment process should be able to deal with code at different compilation levels. Due to its relevance for the open source software certification task, this paper reviews code analysis area (stages of the analyzing process, traditional approaches, and future trends), aiming at identifying what is available, and what deserves further research.Fundação para a Ciência e a Tecnologia (FCT

Quality factors and coding standards - a comparison between open source forges

Enforcing adherence to standards in software development in order to produce high quality software artefacts has long been recognised as best practice in traditional software engineering. In a distributed heterogeneous development environment such those found within the Open Source paradigm, coding standards are informally shared and adhered to by communities of loosely coupled developers. Following these standards could potentially lead to higher quality software. This paper reports on the empirical analysis of two major forges where OSS projects are hosted. The first one, the KDE forge, provides a set of guidelines and coding standards in the form of a coding style that developers may conform to when producing the code source artefacts. The second studied forge, SourceForge, imposes no formal coding standards on developers. A sample of projects from these two forges has been analysed to detect whether the SourceForge sample, where no coding standards are reinforced, has a lower quality than the sample from KDE. Results from this analysis form a complex picture; visually, all the selected metrics show a clear divide between the two forges, but from the statistical standpoint, clear distinctions cannot be drawn amongst these quality related measures in the two forge samples

OSSMETER: Automated measurement and analysis of open source software

International audienceDeciding whether an open source software (OSS) meets the requiredstandards for adoption in terms of quality, maturity, activity of development anduser support is not a straightforward process. It involves analysing various sourcesof information, including the project’s source code repositories, communicationchannels, and bug tracking systems. OSSMETER extends state-of-the-art techniquesin the field of automated analysis and measurement of open-source software(OSS), and develops a platform that supports decision makers in the processof discovering, comparing, assessing and monitoring the health, quality, impactand activity of opensource software. To achieve this, OSSMETER computestrustworthy quality indicators by performing advanced analysis and integrationof information from diverse sources including the project metadata, source coderepositories, communication channels and bug tracking systems of OSS projects

Semantic code search and analysis

Title from PDF of title page, viewed on July 28, 2014Thesis advisor: Yugyung LeeVitaIncludes bibliographical references (pages 33-35)Thesis (M. S.)--School of Computing and Engineering. University of Missouri--Kansas City, 2014As open source software repositories have been enormously growing, the high quality source codes have been widely available. A greater access to open source software also leads to an increase of software quality and reduces the overhead of software development. However, most of the available search engines are limited to lexical or code based searches and do not take semantics that underlie the source codes. Thus, object oriented (OO) principles, such as inheritance and composition, cannot be efficiently utilized for code search or analysis. This thesis proposes a novel approach for searching source code using semantics and structure. This approach will allow users to analyze software systems in terms of code similarity. For this purpose, a semantic measurement, called CoSim, was designed based on OO programing models including Package, Class, Method and Interface. We accessed and extracted the source code from open source repositories like Github and converted them into Resource Description Framework (RDF) model. Using the measurement, we queried the source code with SPARQL Query Language and analyzed the systems. We carried out a pilot study for preliminary evaluation of seven different versions of Apache Hadoop systems in terms of their similarities. In addition, we compared the search outputs from our system with those by the Github Code Search. It was shown that our search engine provided more comprehensive and relevant information than the Github does. In addition, the proposed CoSim measurement precisely reflected the significant and evolutionary properties of the systems in the similarity comparison of Hadoop software systemsAbstract -- Illustrations -- Tables - Introduction -- Background and related work -- Semantic code search and analysis model -- Semantic code search and analysis implementation -- Results and evaluation -- Conclusion and future work -- Reference

Towards solving social and technical problems in open source software ecosystems : using cause-and-effect analysis to disentangle the causes of complex problems

Managing large-scale development projects in open source software ecosystems involves dealing with an array of technical and social problems. To disentangle the causes of such problems, we interviewed experts and performed a cause-and-effect analysis. Our findings demonstrate that loss of contributors is the most important social problem, while poor code quality is the most important technical problem, and that both problems result from complex socio-technical interrelations of causes. Our approach suggests that cause-and-effect analysis can help to better understand problems in open source software ecosystems

Tools, processes and factors influencing of code review

Code review is the most effective quality assurance strategy in software development where reviewers aim to identify defects and improve the quality of source code of both commercial and open-source software. Ultimately, the main purpose of code review activities is to produce better software products. Review comments are the building blocks of code review. There are many approaches to conduct reviews and analysis source code such as pair programming, informal inspections, and formal inspections. Reviewers are responsible for providing comments and suggestions to improve the quality of the proposed source code modifications. This work aims to succinctly describe code review process, giving a framework of the tools and factors influencing code review to aid reviewers and authors in the code review stages and choose the suitable code review tool

Open source tools for measuring the Internal Quality of Java software products. A survey

Collecting metrics and indicators to assess objectively the different products resulting during the lifecycle of a software project is a research area that encompasses many different aspects, apart from being highly demanded by companies and software development teams. Focusing on software products, one of the most used methods by development teams for measuring Internal Quality is the static analysis of the source code. This paper works in this line and presents a study of the stateof- the-art open source software tools that automate the collection of these metrics, particularly for developments in Java. These tools have been compared according to certain criteria defined in this study.Ministerio de Ciencia e Innovación TIN2010-20057-C03-02Junta de Andalucía TIC-578