The Unexplored Terrain of Compiler Warnings

The authors' industry experiences suggest that compiler warnings, a lightweight version of program analysis, are valuable early bug detection tools. Significant costs are associated with patches and security bulletins for issues that could have been avoided if compiler warnings were addressed. Yet, the industry's attitude towards compiler warnings is mixed. Practices range from silencing all compiler warnings to having a zero-tolerance policy as to any warnings. Current published data indicates that addressing compiler warnings early is beneficial. However, support for this value theory stems from grey literature or is anecdotal. Additional focused research is needed to truly assess the cost-benefit of addressing warnings

Infectious diseases management framework for Saudi Arabia (SAIF)

A Thesis Submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of PhilosopyInfectious disease management system area is considered as an emerging field of modern healthcare in the Gulf region. Significant technical and clinical progress and advanced technologies can be utilized to enhance the performance and ubiquity of such systems. Effective infectious disease management (IDM) can be achieved by analysing the disease management issues from the perspectives of healthcare personnel and patients. Hence, it is necessary to identify the needs and requirements of both healthcare personnel and patients for managing the infectious disease. The basic idea behind the proposed mobile IDM system in this thesis is to improve the healthcare processes in managing infectious diseases more effectively. For this purpose, internet and mobile technologies are integrated with social networking, mapping and IDM applications to improve the processes efficiency. Hence, the patients submit their health related data through their devices remotely using our application to our system database (so-called SAIF). The main objective of this PhD project was the design and development of a novel web based architecture of next-generation infectious disease management system embedding the concept of social networking tailored for Saudi patients. Following a detailed literature review which identifies the current status and potential impact of using infectious diseases management system in KSA, this thesis conducts a feasibility user perspective study for identifying the needs and the requirements of healthcare personnel and the patients for managing infectious diseases. Moreover, this thesis proposes a design and development of a novel architecture of next-generation web based infectious disease management system tailored for Saudi patients (i.e., called SAIF – infectious diseases management framework for Saudi Arabia). Further, this thesis introduces a usability study for the SAIF system to validate the acceptability of using mobile technologies amongst infected patient in KSA and Gulf region. The preliminary results of the study indicated general acceptance of the patients in using the system with higher usability rating in high affected patients. In general, the study concluded that the concept of SAIF system is considered acceptable tool in particularly with infected patients

Software Service Innovation: An Action Research into Release Cycle Management

Fierce competition in the market is driving software vendors to rely on Software-as-a-Service (SaaS) strategies and to continuously match new software versions with customers’ needs and competitors’ moves. Although release management as a recurrent activity related to SaaS arguably shapes how a vendor services its customers, the literature is surprisingly limited on how software releases are managed to support SaaS strategies. Against this backdrop, we present a collaborative action-research study with Software Inc., a large multi-national software provider, focused on improving the release cycle management process for a complex security software service. The study is part of a comprehensive intervention into Software Inc. that combines a perspective rooted in software process improvement and engineering practices with one rooted in service delivery and customer interactions. The part that is reported in this dissertation draws on the service-dominant logic framework to analyze how the release cycle management process was organized to improve Software Inc.’s ongoing value co-creation with its customers. As a result, the study contributed to improving release cycle management at Software Inc. and it expands industry knowledge about the challenges and opportunities for software vendors to manage releases and improve the value delivered to and co-created with their customers. This added knowledge is of interest to both practitioners and researchers as SaaS strategies increasingly shape the industry with important implications for how software is released

SLA-Driven Governance of RESTful Systems

The Software as a Service (SaaS) paradigm has become entrenched in the industry as a deployment model, bringing flexibility to the customers and a recurring revenue to the business. The main architectural paradigm of SaaS systems is the service-oriented one since it provides numerous advantages in terms of elasticity, fault tolerance, and flexible architectural design. Currently, the RESTful paradigm, a layer of abstraction on the server created by defining resources and entities that can be accessed by means of a URI, is the preferred choice for the construction of SaaS, as it promotes the deployment, isolation and integration of microservices through APIs. Nowadays, APIs are regarded as a new form of business product and ever more organizations are publicly opening up access to their APIs as a way to create new business opportunities. In the same way, other organizations also consume a number of third-party APIs as part of their business. We henceforth define the concept of a RESTful System as an information system following the RESTful paradigm to shape the integration model between both its own components as well as other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful Systems, those components will be the RESTful APIs and what we aim to control or regulate is their behavior (i.e., how an API is being consumed or provided). As APIs are increasingly regarded as business products, a crucial activity is to describe the set of plans (i.e., the pricing) that depicts the functionality and performance being offered to clients. API providers usually define certain limitations in each instance of a plan (e.g., quotas and rates); for example, a free plan might be limited to having one hundred monthly requests, and a professional plan to have five hundred monthly requests. However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers, there is no standard model used by API providers for modeling API pricing (including the plans and limitations). Although some providers do model the information regarding the API pricing and API limitations with an ad hoc approach, there is no widely accepted model in the industry. Wherefore answering questions regarding API limitations (e.g., determining whether or not a certain pricing is valid) is still a manual or non-interoperable process coming along with some inconveniences (being tedious, time-consuming, error-prone, etc.). Understating governance as to how a system is directed and controlled, we translate this concept to meet the SLA-driven approach: we consider the SLA (i.e., API pricing) as the element that will drive the directions, policies and rules to deliver and maintain the RESTful System. Adding the SLA to the idea of governance of RESTful systems leads to the main hypothesis of this dissertation: there is no well-established model for describing API pricings)in RESTful systems, which is hindering the automatic SLA-Driven governance. We claim the main goal of this thesis to be: the creation of an expressive, fully-fledged specification of SLAs for RESTful APIs endorsed with an open ecosystem of tools aimed at the SLA-Driven Governance of RESTful systems. The results of this endeavor are twofold: (I) Creation of a sufficiently expressive specification for the description of API pricings and the analysis of their validity. This comprises: (i) conducting an analysis of real-world APIs to evaluate the characteristics of the API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a comprehensive model for describing API pricings; (iv) defining analysis operations for common questions regarding the validity in API pricings and limitations; (v) performing an evaluation of the model in real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs. This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) performing a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set comprised of (i) a model aimed at describing API pricings that is closely aligned with industry standards in APIs (OpenAPI Specification) and (ii) a set of companion tools for enacting the automatic governance using our specification, ranging from low-level validation tasks to SaaS solutions based on our model. Governify4APIs is, therefore, a fully-fledged specification, aligned with the mainstream standards and intended to enable an SLA-Driven Governance of RESTful Systems.El paradigma del software como servicio (SaaS) se ha afianzado en la industria como modelo de despliegue, aportando flexibilidad a los clientes y unos ingresos constantes a las organizaciones. El principal paradigma arquitectónico de los sistemas SaaS es la arquitectura orientada a servicios, ya que proporciona numerosas ventajas en términos de elasticidad, tolerancia a fallos y diseño flexible. RESTful, una capa de abstracción sobre el servidor creada mediante la definición de recursos y entidades a las que se puede acceder mediante una URI, es la opción preferida para la construcción de SaaS, ya que promueve el despliegue, el aislamiento y la integración de microservicios a través de APIs. Hoy en día, las APIs se consideran una nueva forma de producto empresarial y cada vez más organizaciones abren públicamente el acceso a sus APIs como forma de crear nuevas oportunidades de negocio. Del mismo modo, otras organizaciones también consumen una serie de APIs de terceros como parte de su negocio. A partir de ahora definimos el concepto de Sistema RESTful como un sistema de información que sigue el paradigma RESTful para conformar el modelo de integración tanto entre sus propios componentes como con otros sistemas de información. Además, entendiendo gobierno como la forma en que se dirige y controla un componente, en los sistemas RESTful, esos componentes serán las APIs RESTful y lo que pretendemos controlar o regular es su comportamiento (es decir, cómo se está consumiendo o proporcionando una API). Dado que las APIs están, cada vez más, siendo consideradas como productos comerciales, una actividad crucial es describir el conjunto de planes (es decir, el pricing) que describe la funcionalidad y el rendimiento que se ofrece a los clientes. Los proveedores de API suelen definir ciertas limitaciones en cada instancia de un plan (por ejemplo, quotas y rates); por ejemplo, un plan gratuito podría estar limitado a tener cien peticiones mensuales, y un plan profesional a tener quinientas peticiones mensuales. Sin embargo, aunque los proveedores de APIs utilizan el concepto de Acuerdo de Nivel de Servicio (SLA) para delimitar la funcionalidad y las garantías a las que se comprometen con sus clientes, no existe ningún modelo estándar usado por los proveedores para modelar el pricing de las API (incluyendo los planes y limitaciones). Aunque algunos proveedores modelan la información relativa a los pricings y las limitaciones de las APIs con un enfoque ad hoc, no existe un modelo ampliamente aceptado en el sector. Por lo tanto, responder a las preguntas relativas a las limitaciones de la APIs (por ejemplo, determinar si un determinado pricing es válido o no) sigue siendo un proceso manual o no interoperable, cosa que conlleva algunos inconvenientes (es tedioso, consume tiempo, es propenso a errores, etc.). Entendiendo el gobierno como la forma de dirigir y controlar un sistema, podemos traducir este concepto teniendo en cuenta el SLA, esto es, consideramos este elemento como aquel sobre el que se realiza la dirección, políticas y reglas para entregar y mantener el sistema RESTful. Añadir el concepto SLA a esa idea de gobierno de sistemas RESTful nos lleva a la hipótesis principal de esta tesis: no existe un modelo bien establecido para describir los SLAs (o pricing) en los sistemas RESTful, lo que está dificultando el gobierno automático. Es, por tanto, el objetivo principal de esta tesis la creación de una especificación expresiva y completa de SLAs para APIs RESTful, respaldada por un ecosistema abierto de herramientas orientadas al gobierno de sistemas RESTful dirigido por SLAs. Los resultados principales han sido: (I) Creación de una especificación suficientemente expresiva para la descripción de los pricings de la API y el análisis de su validez. Esto comprende: (i) realizar un análisis de APIs del mundo real para evaluar las características de los pricings y limitaciones de las APIs; (ii) identificar la relevancia de los SLAs en las APIs tanto en escenarios académicos como industriales; (iii) proponer un modelo completo para describir los pricings de las APIs; (iv) definir operaciones de análisis para preguntas comunes sobre la validez en los pricings y limitaciones de las APIs; (v) realizar una evaluación del modelo en APIs del mundo real. (II) Implementación de un ecosistema de herramientas para apoyar la gobernanza SLA-Driven de las APIs RESTful. Esto incluye: (i) desarrollar un conjunto de herramientas de gobierno de APIs; (ii) implementar una operación de análisis de validez; (iii) realizar una validación de las herramientas y operaciones en escenarios realistas. En esta tesis, presentamos el ecosistema Governify4APIs como el conjunto compuesto por (i) un modelo destinado a describir los pricings de las APIs y alineado estrechamente con los estándares de la industria (OpenAPI) y (ii) un conjunto de herramientas complementarias para el gobierno automático utilizando este modelo, que van desde tareas de validación hasta soluciones SaaS. Por lo tanto, Governify4APIs es una especificación acompañada de todo lo necesario, alineada con los estándares industriales y destinada a permitir un gobierno de sistemas RESTful dirigidos por SLAs

Pitfalls in Language Models for Code Intelligence: A Taxonomy and Survey

Modern language models (LMs) have been successfully employed in source code generation and understanding, leading to a significant increase in research focused on learning-based code intelligence, such as automated bug repair, and test case generation. Despite their great potential, language models for code intelligence (LM4Code) are susceptible to potential pitfalls, which hinder realistic performance and further impact their reliability and applicability in real-world deployment. Such challenges drive the need for a comprehensive understanding - not just identifying these issues but delving into their possible implications and existing solutions to build more reliable language models tailored to code intelligence. Based on a well-defined systematic research approach, we conducted an extensive literature review to uncover the pitfalls inherent in LM4Code. Finally, 67 primary studies from top-tier venues have been identified. After carefully examining these studies, we designed a taxonomy of pitfalls in LM4Code research and conducted a systematic study to summarize the issues, implications, current solutions, and challenges of different pitfalls for LM4Code systems. We developed a comprehensive classification scheme that dissects pitfalls across four crucial aspects: data collection and labeling, system design and learning, performance evaluation, and deployment and maintenance. Through this study, we aim to provide a roadmap for researchers and practitioners, facilitating their understanding and utilization of LM4Code in reliable and trustworthy ways

Empirical Assessment of Generating Adversarial Configurations for Software Product Lines

International audienceSoftware product line (SPL) engineering allows the derivation of products tailored to stakeholders' needs through the setting of a large number of configuration options. Unfortunately, options and their interactions create a huge configuration space which is either intractable or too costly to explore exhaustively. Instead of covering all products, machine learning (ML) approximates the set of acceptable products (e.g., successful builds, passing tests) out of a training set (a sample of configurations). However, ML techniques can make prediction errors yielding non-acceptable products wasting time, energy and other resources. We apply adversarial machine learning techniques to the world of SPLs and craft new configurations faking to be acceptable configurations but that are not and vice-versa. It allows to diagnose prediction errors and take appropriate actions. We develop two adversarial configuration generators on top of state-of-the-art attack algorithms and capable of synthesizing configurations that are both adversarial and conform to logical constraints. We empirically assess our generators within two case studies: an industrial video synthesizer (MOTIV) and an industry-strength, open-source Web-appconfigurator (JHipster). For the two cases, our attacks yield (up to) a 100% misclassification rate without sacrificing the logical validity of adversarial configurations. This work lays the foundations of a quality assurance framework for ML-based SPLs

Government to citizens E-Service Co-Design

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University Londone-Government services are typically developed by internal service providers, often neglecting the service end user. Subsequent delivery of services can be jeopardised without due consideration of the service user, lacking in consideration of their needs and expectations in the design process. However, the service provider when designing e-services for varied users, find it is hard to meet the prospective users’ expectations and needs and involve them in an iterative design processes. To address this issue; a Co-design approach has been applied and focuses on Jordanian Government to Citizens (G2C) e-services. Co-design tools/methods maximize opportunities and provide new possibilities for communicating and collaborating with varied and diverse users. The main aim of this research is to improve the quality and efficiency of G2C e-services by adopting the Co-design approach including its tools/methods to support user participation throughout design process, and how these tools/methods pretend the features of user participation. A novel G2C e-Service Co-Design Framework (G2C-SCOF) is constructed with mechanisms for understanding the stakeholders’ requirements, and granting them an active role throughout design process of G2C e-service design. A wiki-based Co-design prototype (WCP) is developed and introduced as a response to and evaluation of the developed G2C-SCOF. This research also presents results from the case study in Jordan and used to evaluate WCP effectiveness regarding users’ participation role(s) throughout the Co-design process based on standard service design phases. Interestingly, involvement throughout design process as such can be an enriching experience for the users. Offering a channel to uncover their own creativity and provide enjoyment for them as they see their contributions evolve into a viable service. A robust method for uncovering domain concepts is derived that bridges the requirements’ gap between service provider and service user within a G2C e-service design context. A first iteration evaluates the adoption and acceptance of Jordan Government Portal (JGP) based on a model titled Methodology for e-Government Service Adoption and Acceptance Measurement (MEGA-M). MEGA-M is then used to design a survey and subsequently investigate how citizens perceive the quality of the JGP. RepGrid methodology with semi-structured interviews are deployed in the second iteration – with 24 participants from diverse backgrounds contributing to a synthesised cognitive model titled Stakeholder’s requirements map for G2C Service Design’ (SRM-G2C). Finally, a prototype WCP is developed as the third iteration for evaluation purposes. WCP is a platform for facilitating the sharing and expression of ideas and/or assumptions used to improve the effectiveness of G2C e-service design. The conclusions and contributions drawn from this research are expected to benefit researchers, providing insights for future research in the field of e-Government service design, and practitioners, providing a systematic framework for supporting the collaboration among stakeholders in designing G2C e-services

Does Code Review Speed Matter for Practitioners?

Increasing code velocity is a common goal for a variety of software projects. The efficiency of the code review process significantly impacts how fast the code gets merged into the final product and reaches the customers. We conducted a survey to study the code velocity-related beliefs and practices in place. We analyzed 75 completed surveys from 39 participants from the industry and 36 from the open-source community. Our critical findings are (a) the industry and open-source community hold a similar set of beliefs, (b) quick reaction time is of utmost importance and applies to the tooling infrastructure and the behavior of other engineers, (c) time-to merge is the essential code review metric to improve, (d) engineers have differing opinions about the benefits of increased code velocity for their career growth, and (e) the controlled application of the commit-then-review model can increase code velocity. Our study supports the continued need to invest in and improve code velocity regardless of the underlying organizational ecosystem