Supporting Modern Code Review

Modern code review is a lightweight and asynchronous process of auditing code changes that is done by a reviewer other than the author of the changes. Code review is widely used in both open source and industrial projects because of its diverse benefits, which include defect identification, code improvement, and knowledge transfer. This thesis presents three research results on code review. First, we conduct a large-scale developer survey. The objective of the survey is to understand how developers conduct code review and what difficulties they face in the process. We also reproduce the survey questions from the previous studies to broaden the base of empirical knowledge in the code review research community. Second, we investigate in depth the coding conventions applied during code review. These coding conventions guide developers to write source code in a consistent format. We determine how many coding convention violations are introduced, removed, and addressed, based on comments left by reviewers. The results show that developers put a great deal of effort into checking for convention violations, although various convention checking tools are available. Third, we propose a technique that automatically recommends related code review requests. When a new patch is submitted for code review, our technique recommends previous code review requests that contain a patch similar to the new one. Developers can locate meaningful information and development context from our recommendations. With two empirical studies and an automation technique for recommending related code reviews, this thesis broadens the empirical knowledge base for code review practitioners and provides a useful approach that supports developers in streamlining their review efforts

Software security during modern code review: The developer’s perspective

To avoid software vulnerabilities, organizations are shifting security to earlier stages of the software development, such as at code review time. In this paper, we aim to understand the developers’ perspective on assessing software security during code review, the challenges they encounter, and the support that companies and projects provide. To this end, we conduct a two-step investigation: we interview 10 professional developers and survey 182 practitioners about software security assessment during code review. The outcome is an overview of how developers perceive software security during code review and a set of identified challenges. Our study revealed that most developers do not immediately report to focus on security issues during code review. Only after being asked about software security, developers state to always consider it during review and acknowledge its importance. Most companies do not provide security training, yet expect developers to still ensure security during reviews. Accordingly, developers report the lack of training and security knowledge as the main challenges they face when checking for security issues. In addition, they have challenges with third-party libraries and to identify interactions between parts of code that could have security implications. Moreover, security may be disregarded during reviews due to developers’ assumptions about the security dynamic of the application they develop

Harnessing customizationinWeb Annotation: ASoftwareProduct Line approach

222 p.La anotación web ayuda a mediar la interacción de lectura y escritura al transmitir información, agregar comentarios e inspirar conversaciones en documentos web. Se utiliza en áreas de Ciencias Sociales y Humanidades, Investigación Periodística, Ciencias Biológicas o Educación, por mencionar algunas. Las actividades de anotación son heterogéneas, donde los usuarios finales (estudiantes, periodistas, conservadores de datos, investigadores, etc.) tienen requisitos muy diferentes para crear, modificar y reutilizar anotaciones. Esto resulta en una gran cantidad de herramientas de anotación web y diferentes formas de representar y almacenar anotaciones web. Para facilitar la reutilización y la interoperabilidad, se han realizado varios intentos durante las últimas décadas para estandarizar las anotaciones web (por ejemplo, Annotea u Open Annotation), lo que ha dado como resultado las recomendaciones de anotaciones del W3C publicadas en 2017. Las recomendaciones del W3C proporcionan un marco para la representación de anotaciones (modelo de datos y vocabulario) y transporte (protocolo). Sin embargo, todavía hay una brecha en cómo se desarrollan los clientes de anotación (herramientas e interfaces de usuario), lo que hace que los desarrolladores vuelvan a re-implementar funcionalidades comunes (esdecir, resaltar, comentar, almacenar,¿) para crear su herramienta de anotación personalizada.Esta tesis tiene como objetivo proporcionar una plataforma de reutilización para el desarrollo de herramientas de anotación web para la revisión. Con este fin, hemos desarrollado una línea de productos de software llamada WACline. WACline es una familia de productos de anotación que permite a los desarrolladores crear extensiones de navegador de anotación web personalizadas, lo que facilita la reutilización de los activos principales y su adaptación a su contexto de revisión específico. Se ha creado siguiendo un proceso de acumulación de conocimientos en el que cada producto de anotación aprende de los productos de anotación creados previamente. Finalmente, llegamos a una familia de clientes de anotación que brinda soporte para tres prácticas de revisión: extracción de datos de revisión sistemática de literatura (Highlight&Go), revisión de tareas de estudiantes en educación superior (Mark&Go), y revisión por pares de conferencias y revistas (Review&Go). Para cada uno de los contextos de revisión, se ha llevado a cabo una evaluación con partes interesadas reales para validar las mejoras de eficiencia y eficacia aportadas por las herramientas de anotación personalizadas en su práctica

Knowledge sharing factors for modern code review to minimize software engineering waste

Software engineering activities, for instance, Modern Code Review (MCR) produce quality software by identifying the defects from the code. It involves social coding and provides ample opportunities to share knowledge among MCR team members. However, the MCR team is confronted with the issue of waiting waste due to poor knowledge sharing among MCR team members. As a result, it delays the project delays and increases mental distress. To minimize the waiting waste, this study aims to identify knowledge sharing factors that impact knowledge sharing in MCR. The methodology employed for this study is a systematic literature review to identify knowledge sharing factors, data coding with continual comparison and memoing techniques of grounded theory to produce a unique and categorized list of factors influencing knowledge sharing. The identified factors were then assessed through expert panel for its naming, expressions, and categorization. The study finding reported 22 factors grouped into 5 broad categories i.e. Individual, Team, Social, Facility conditions, and Artifact. The study is useful for researchers to extend the research and for the MCR team to consider these factors to enhance knowledge sharing and to minimize waiting waste

Can SoTL Generate High Quality Research while Maintaining its Commitment to Inclusivity?

The Scholarship of Teaching and Learning (SoTL) faces an emerging challenge as it seeks to balance commitments to disciplinary inclusivity and scholarly quality. We undertake a scoping review of 64 articles across three leading SoTL journals to investigate how the literature balances these twin commitments by exploring what questions are being asked, what methods are being used, and how these may be impacting the inferences that are being made within that scholarship. We advocate for a more focused definition of SoTL that can help reinforce its legitimacy within institutional power structures of scholarship, and for partnerships across disciplinary boundaries to be a central pillar of SoTL that is both high quality and disciplinarily inclusive

The race between education and catastrophe: creating climate-sensitive cities

‘History is a race between education and catastrophe’ (Gurría, 2013). This is the essence of the climate-change dilemma in human settlements today. How can cities act effectively to live with climate change? After a century, the world is bracing for a perfect storm with burgeoning populations drifting to the cities, resulting in anthropogenic greenhouse gases multiplying exponentially. Rapid urban development breaks down natural systems that sequester greenhouse gases, making cities unhealthy, unbalanced, and undesirable (Blakely & Carbonell, 2012). It is reported that ‘more people are killed from poor urban design and climate-change than terrorism’ (Birkeland, 2008), which is an immense ethical problem. My focus is on creating resilient Climate-Sensitive-Cities®. This approach to tackling the urgency of climate change in cities is five-fold: 1. It audits vulnerability and coping capacity. 2. It addresses audit gaps by investing in accelerated learning for professions and communities to build capacity for resilience. 3. It appreciates that every individual can make a unique contribution to interdisciplinary capacity-building for addressing climate education through their own organisations and regions. 4. It realises that accelerated learning for the long-term investment in individuals within organisations includes collaborative coaching and partnering. 5. It recognises that optimism for a preferred future can be achieved in a world full of perverse incentives. Although there are many perspectives and prescribed actions from each discipline, my approach is founded on meta-scanning, with principle-based options that emerge from broad lessons from international and local successes. The crucial part of my work is to convert research into desirable actions in a way that demonstrates learning for better climate governance. The results of my endeavours include influence of policy and practices in fourteen countries and through professional bodies across disciplines. My contribution to transformational guidelines for international climate action transparency is recognised widely. This thesis comprises an exploration of philosophies, revisiting values, seeking answers to four research questions, a new lens with three perspectives, and project design to ensure higher fidelity with my statement of intent. My Doctorate establishes a framework that enables individuals to lead the way in climate-change practices. I intend to be a living example of such frameworks. The thesis concludes with new definitions for Climate-Sensitive-Cities® and Accelerated Learning. It also overlays triple loop policy development with the Climate Policy in Practice Cycle® as a means for funding and evaluating action. Finally, a manual for Master Classes delivered across fourteen countries works with a transformational change trajectory that articulates the journey from passive bystanding, to advocacy, to tipping points, to coping with success. Independent evaluations accelerate the uptake of these skills in governments, communities, professions, and most importantly, individuals. We need to learn, question old thinking, and relearn in order to adapt and live with the many facets of climate-change. Based on this rationale, I have structured my Doctorate to advance a deeper understanding of the technical, intellectual, and interpersonal skills required of an effective Sustainability Commissioner. Alvin Toffler stated ‘the illiterate of the 21st Century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn’ (ISLS, 2013). This is how we win the race of education over catastrophe

Assessing and improving quality of QVTo model transformations

We investigate quality improvement in QVT operational mappings (QVTo) model transformations, one of the languages defined in the OMG standard on model-to-model transformations. Two research questions are addressed. First, how can we assess quality of QVTo model transformations? Second, how can we develop higher-quality QVTo transformations? To address the first question, we utilize a bottom–up approach, starting with a broad exploratory study including QVTo expert interviews, a review of existing material, and introspection. We then formalize QVTo transformation quality into a QVTo quality model. The quality model is validated through a survey of a broader group of QVTo developers. We find that although many quality properties recognized as important for QVTo do have counterparts in general purpose languages, a number of them are specific to QVTo or model transformation languages. To address the second research question, we leverage the quality model to identify developer support tooling for QVTo. We then implemented and evaluated one of the tools, namely a code test coverage tool. In designing the tool, code coverage criteria for QVTo model transformations are also identified. The primary contributions of this paper are a QVTo quality model relevant to QVTo practitioners and an open-source code coverage tool already usable by QVTo transformation developers. Secondary contributions are a bottom–up approach to building a quality model, a validation approach leveraging developer perceptions to evaluate quality properties, code test coverage criteria for QVTo, and numerous directions for future research and tooling related to QVTo quality

INSTITUTIONAL LOGICS, INDIE SOFTWARE DEVELOPERS AND PLATFORM GOVERNANCE

This two-essay dissertation aims to study institutional logics in the context of Apple's independent third-party software developers. In essay 1, I investigate the embedded agency aspect of the institutional logics theory. It builds on the premise that logics constrain preferences, interests and behaviors of individuals and organizations, thereby determining the appropriate and legitimate decisions and actions of actors. In the meantime, most social actors operate in fields characterized by multiple institutional logics where contradictions exist, allowing individuals and organizations with opportunities for negotiation and change through exploitation or management of these contradictions. I specifically study two competing institutional logics: professional and market logics when they are experienced simultaneously by independent iOS app entrepreneurs. Using participant observation and semi-structured interviews, I delineate the ways in which logic tension is reconciled through mechanisms of logic synthesis in three entrepreneurial areas - app ideation, app execution and app marketing, and conditions which facilitate or inhibit logic synthesis. In essay 2, I study the emergence and evolution of field-level logics in the context of Apple's desktop developers - Mac indies. Following the cultural emergence model of field-level logics in Thornton et al. (2012), and the argument that "field-level logics are both embedded in societal-level logics and subject to field-level processes that generate distinct forms of instantiation, variation, and combination of societal logics" (p148), I particularly examine the relationship between resource environment and the emergence and evolution of field-level logics. Taking advantage of a critical change in developers' resource environment - Apple's opening of the iOS App Store and subsequently the Mac App Store, and hence its governance model shifting from mainly a technological platform to a platform that includes a market exchange place, I identify developers' logics before and after the change, namely, the software ecosystem logic and platform ecosystem logic. Two ideal types are constructed for the logics along elemental categories, and a content analysis demonstrates the logic shift pattern as resource environments change. A further analysis of the two logics suggests that the software ecosystem logic and platform ecosystem logic are in contestation at this early stage of institutional change