Rework Effort Estimation of Self-admitted Technical Debt

Programmers sometimes leave incomplete, temporary workarounds and buggy codes that require rework. This phenomenon in software development is referred to as Self- admitted Technical Debt (SATD). The challenge therefore is for software engineering researchers and practitioners to resolve the SATD problem to improve the software quality. We performed an exploratory study using a text mining approach to extract SATD from developers’ source code comments and implement an effort metric to compute the rework effort that might be needed to resolve the SATD problem. The result of this study confirms the result of a prior study that found design debt to be the most predominant class of SATD. Results from this study also indicate that a significant amount of rework effort of between 13 and 32 commented LOC on average per SATD prone source file is required to resolve the SATD challenge across all the four projects considered. The text mining approach incorporated into the rework effort metric will speed up the extraction and analysis of SATD that are generated during software projects. It will also aid in managerial decisions of whether to handle SATD as part of on-going project development or defer it to the maintenance phase

Speculative Analysis for Quality Assessment of Code Comments

Previous studies have shown that high-quality code comments assist developers in program comprehension and maintenance tasks. However, the semi-structured nature of comments, unclear conventions for writing good comments, and the lack of quality assessment tools for all aspects of comments make their evaluation and maintenance a non-trivial problem. To achieve high-quality comments, we need a deeper understanding of code comment characteristics and the practices developers follow. In this thesis, we approach the problem of assessing comment quality from three different perspectives: what developers ask about commenting practices, what they write in comments, and how researchers support them in assessing comment quality. Our preliminary findings show that developers embed various kinds of information in class comments across programming languages. Still, they face problems in locating relevant guidelines to write consistent and informative comments, verifying the adherence of their comments to the guidelines, and evaluating the overall state of comment quality. To help developers and researchers in building comment quality assessment tools, we provide: (i) an empirically validated taxonomy of comment convention-related questions from various community forums, (ii) an empirically validated taxonomy of comment information types from various programming languages, (iii) a language-independent approach to automatically identify the information types, and (iv) a comment quality taxonomy prepared from a systematic literature review.Comment: 5 pages, 1 figure, conferenc

Assessing Comment Quality in Object-Oriented Languages

Previous studies have shown that high-quality code comments support developers in software maintenance and program comprehension tasks. However, the semi-structured nature of comments, several conventions to write comments, and the lack of quality assessment tools for all aspects of comments make comment evaluation and maintenance a non-trivial problem. To understand the specification of high-quality comments to build effective assessment tools, our thesis emphasizes acquiring a multi-perspective view of the comments, which can be approached by analyzing (1) the academic support for comment quality assessment, (2) developer commenting practices across languages, and (3) developer concerns about comments. Our findings regarding the academic support for assessing comment quality showed that researchers primarily focus on Java in the last decade even though the trend of using polyglot environments in software projects is increasing. Similarly, the trend of analyzing specific types of code comments (method comments, or inline comments) is increasing, but the studies rarely analyze class comments. We found 21 quality attributes that researchers consider to assess comment quality, and manual assessment is still the most commonly used technique to assess various quality attributes. Our analysis of developer commenting practices showed that developers embed a mixed level of details in class comments, ranging from high-level class overviews to low-level implementation details across programming languages. They follow style guidelines regarding what information to write in class comments but violate the structure and syntax guidelines. They primarily face problems locating relevant guidelines to write consistent and informative comments, verifying the adherence of their comments to the guidelines, and evaluating the overall state of comment quality. To help researchers and developers in building comment quality assessment tools, we contribute: (i) a systematic literature review (SLR) of ten years (2010–2020) of research on assessing comment quality, (ii) a taxonomy of quality attributes used to assess comment quality, (iii) an empirically validated taxonomy of class comment information types from three programming languages, (iv) a multi-programming-language approach to automatically identify the comment information types, (v) an empirically validated taxonomy of comment convention-related questions and recommendation from various Q&A forums, and (vi) a tool to gather discussions from multiple developer sources, such as Stack Overflow, and mailing lists. Our contributions provide various kinds of empirical evidence of the developer’s interest in reducing efforts in the software documentation process, of the limited support developers get in automatically assessing comment quality, and of the challenges they face in writing high-quality comments. This work lays the foundation for future effective comment quality assessment tools and techniques

Virtual software in reality

Software visualisation is an important weapon in the program comprehension armoury. It is a technique that can, when designed and used effectively, aid in understanding existing program code. It can achieve this by displaying information in new and different forms, which may make obvious something missed in reading the code. It can also be used to present many aspects of the data at once. Software, despite many software engineering advances in requirements, design and implementation techniques, continues to be complex and large and if anything seems to be growing in these respects. This means that techniques that failed to aid comprehension and maintenance are certainly not going to be able to deal with the current software. Therefore this area requires research to be able to suggest solutions to deal with the information overload that is sure to occur. There are several issues that this thesis addresses; all of them related to the creation of software visualisation systems that are capable of being used and useful well into the next generation of software systems. The scale and complexity of software are pressing issues, as is the associated information overload problem that this brings. In an attempt to address this problem the following are considered to be important: abstractions, representations, mappings, metaphors, and visualisations. These areas are interrelated and the first four enable the final one, visualisations. These problems are not the only ones that face software visualisation systems. There are many that are based on the general theory of the applicability of the technique to such tasks as program comprehension, rather than the detail of how a particular code fragment is shown. These problems are also related to the enabling technology of three- dimensional visualisations; virtual reality. In summary the areas of interest are: automation, evolution, scalability, navigation and interaction, correlation, and visual complexity. This thesis provides an exploration of these identified areas in the context of software visualisation. Relationships that describe, and distinguish between, existing and future software visualisations are presented, with examples based on recent software visualisation research. Two real world metaphors (and their associated mappings and representations) are defined for the purpose of visualising software as an aid to program comprehension. These metaphors also provide a vehicle for the exploration of the areas identified above. Finally, an evaluation of the visualisations is presented using a framework developed for the comparative evaluation of three-dimensional, comprehension oriented, software visualisations. This thesis has shown the viability of using three-dimensional software visualisations. The important issues of automation, evolution, scalability, and navigation have been presented and discussed, and their relationship to real world metaphors examined. This has been done in conjunction with an investigation into the use of such real world metaphors for software visualisation. The thesis as a whole has provided an important examination of many of the issues related to these types of visualisation in the context of software and is therefore a valuable basis for future work in this area

Security Threats Classification in Blockchains

Blockchain, the foundation of Bitcoin, has become one of the most popular technologies to create and manage digital transactions recently. It serves as an immutable ledger which allows transactions take place in a decentralized manner. This expeditiously evolving technology has the potential to lead to a shift in thinking about digital transactions in multiple sectors including, Internet of Things, healthcare, energy, supply chain, manufacturing, cybersecurity and principally financial services. However, this emerging technology is still in its infancy. Despite the huge opportunities blockchain offers, it suffers from challenges and limitation such as scalability, security, and privacy, compliance, and governance issues that have not yet been thoroughly explored and addressed. Although there are some studies on the security and privacy issues of the blockchain, they lack a systematic examination of the security of blockchain systems. This research conducted a systematic survey of the security threats to the blockchain systems and reviewed the existing vulnerabilities in the Blockchain. These vulnerabilities lead to the execution of the various security threats to the normal functionality of the Blockchain platforms. Moreover, the study provides a case-study for each attack by examining the popular blockchain systems and also reviews possible countermeasures which could be used in the development of various blockchain systems. Furthermore, this study developed taxonomies that classified the security threats and attacks based on the blockchain abstract layers, blockchain primary processes and primary business users. This would assist the developers and businesses to be attentive to the existing threats in different areas of the blockchain-based platforms and plan accordingly to mitigate risk. Finally, summarized the critical open challenges, and suggest future research directions