Using Automatic Static Analysis to Identify Technical Debt

The technical debt (TD) metaphor describes a tradeoff between short-term and long-term goals in software development. Developers, in such situations, accept compromises in one dimension (e.g. maintainability) to meet an urgent demand in another dimension (e.g. delivering a release on time). Since TD produces interests in terms of time spent to correct the code and accomplish quality goals, accumulation of TD in software systems is dangerous because it could lead to more difficult and expensive maintenance. The research presented in this paper is focused on the usage of automatic static analysis to identify Technical Debt at code level with respect to different quality dimensions. The methodological approach is that of Empirical Software Engineering and both past and current achieved results are presented, focusing on functionality, efficiency and maintainabilit

Organizing the Technical Debt Landscape

To date, several methods and tools for detecting source code and design anomalies have been developed. While each method focuses on identifying certain classes of source code anomalies that potentially relate to technical debt (TD), the overlaps and gaps among these classes and TD have not been rigorously demonstrated. We propose to construct a seminal technical debt landscape as a way to visualize and organize research on the subjec

Mining Fix Patterns for FindBugs Violations

In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal that there are discrepancies in the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can provide insights into prioritizing violations. To automatically identify patterns in violations and their fixes, we propose an approach that utilizes convolutional neural networks to learn features and clustering to regroup similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers will accept and merge a majority (69/116) of fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in the Defects4J major benchmark for software testing and automated repair.Comment: Accepted for IEEE Transactions on Software Engineerin

Highway - Rail Grade Crossing Identification and Prioritizing Model Development

The United States Department of Transportation (US DOT) provides funding to state DOTs to implement highway-rail grade crossing improvement programs. These programs are suspected to develop particular safety improvement actions in order to decrease the number of accidents at highway-rail grade crossings. The current work is directed to consider various hazard index/accident prediction methodologies, carefully investigate hazard index/accident prediction methods, applied by Tennessee Department of Transportation (TDOT), develop a model to allocate available monetary resources for upgrades of highway-rail grade crossings in the State of Tennessee and maximize the total benefits in terms of accident and severity reduction. Two different approaches are proposed and a number of numerical experiments are presented to evaluate each approach

Can Cybersecurity Be Proactive? A Big Data Approach and Challenges

The cybersecurity community typically reacts to attacks after they occur. Being reactive is costly and can be fatal where attacks threaten lives, important data, or mission success. But can cybersecurity be done proactively? Our research capitalizes on the Germination Period—the time lag between hacker communities discussing software flaw types and flaws actually being exploited—where proactive measures can be taken. We argue for a novel proactive approach, utilizing big data, for (I) identifying potential attacks before they come to fruition; and based on this identification, (II) developing preventive counter-measures. The big data approach resulted in our vision of the Proactive Cybersecurity System (PCS), a layered, modular service platform that applies big data collection and processing tools to a wide variety of unstructured data sources to predict vulnerabilities and develop countermeasures. Our exploratory study is the first to show the promise of this novel proactive approach and illuminates challenges that need to be addressed

Quantitative Assessment of the Impact of Automatic Static Analysis Issues on Time Efficiency

Background: Automatic Static Analysis (ASA) tools analyze source code and look for code patterns (aka smells) that might cause defective behavior or might degrade other dimensions of software quality, e.g. efficiency. There are many potentially negative code patterns, and ASA tools typically report a huge list of them even in small programs. Moreover, so far, little evidence is available about the negative impact on performance of code patterns identified by such tools. A consequence is that programmers cannot appreciate the benefits of ASA tools and tend not to include them in their workflow. Aims: Quantitatively assess the impact of issues signaled by ASA tools on time efficiency. Method: We select 20 issues and for each of them we set up two source code fragments: one containing the issue and the corresponding refactored version, functionally identical but without the issue. We set up three different platforms, isolated from network and other user programs, then we execute the code fragments, and measure the execution time of both code versions. Results: We find that eleven issues have an actual negative impact on performance. We also compute for each issue an estimation for the delay provoked by a single execution. Conclusions: We produce a set of issues with a verified negative impact on performance. They can be checked easily with an analysis tool and code can be refactored to obtain a provably more efficient code. We also provide the estimated delay cost of each issue in the environments where we conduct the tests. These results can be improved with the help of other researchers: repeating the tests in several platforms would make it possible to build up a wider benchmar

Soil Slope Failure Investigation Management Systems

Highway slopes are exposed to environmental and climatic conditions, such as deforestation, cycles of freezing and thawing weather, heavy storms etc. Over time these climatic conditions can influence slope stability in combination with other factors such as geological formations, slope angle and groundwater conditions. These factors contribute towards causing slope failures that are hazards to highway structures and the traveling public. Consequently, it is crucial to have a soil slope failure investigation management system to track, record, evaluate, analyze and review the soil slope failure data and soil slope remediation data so that cost effective and statistically efficient remedial plans may be developed. This paper presents the framework for developing such a system for The State of Maryland, using a GIS database and a collective overlay of maps to indicate potentially unstable highway slopes through spatial and statistical analysis

The hidden pitfalls of Kanban in software development

ABSTRACT: Objectives of the Study: The objective of this thesis is to explore the hidden pitfalls of Kanban in software development. The aim is to discover the reasons behind the pitfalls and actions that nourish Kanban's failure. Academic background and methodology: Software development industry has been shifting towards more iterative, responsive and people-oriented development methods, which present the values of lean and agile thinking. Being characterized as the antidote for bureaucracy, the shift towards agile development methodologies has been one of the most significant factors affecting the software industry. Kanban as an agile change management framework has been perceived as the fairy godmother of software development making the reasons behind struggling Kanban projects particularly interesting. Thesis interviews five agile experts in the software development and studies their experiences of unsuccessful Kanban implementations. Emphasis is given to similar experiences and perceptions on how Kanban fails to redeem its value proposition. Findings: The primary finding of the study is that an organization that is unable to change its mindset to support Kanban is a pitfall affecting the whole project, inevitably causing Kanban to fail. This is a challenge that all agile methods have in common. Agile can flourish only when agile values are being appreciated. The secondary finding is that many software teams claiming to be using Kanban have implemented only a shallow imitation of the real method thus creating a superficial implementation, which prevents achieving Kanban induced benefits. Thus, creating a superficial implementation, which prevents achieving Kanban induced benefits. Furthermore, the erroneous human interpretation of what Kanban really is and how to apply it correctly is a key factor contributing to the emerge of the pitfalls. Keywords: Kanban, software development, pitfall, agile, change management, framewor