Sustainability evaluation of software architectures

Long-living software systems are sustainable if they can be cost-efficiently maintained and evolved over their entire life-cycle. The quality of software architectures determines sus-tainability to a large extent. Scenario-based software archi-tecture evaluation methods can support sustainability anal-ysis, but they are still reluctantly used in practice. They are also not integrated with architecture-level metrics when evaluating implemented systems, which limits their capabil-ities. Existing literature reviews for architecture evaluation focus on scenario-based methods, but do not provide a criti-cal reflection of the applicability of such methods for sustain-ability evaluation. Our goal is to measure the sustainabil-ity of a software architecture both during early design us-ing scenarios and during evolution using scenarios and met-rics, which is highly relevant in practice. We thus provide a systematic literature review assessing scenario-based meth-ods for sustainability support and categorize more than 40 architecture-level metrics according to several design prin-ciples. Our review identifies a need for further empirical research, for the integration of existing methods, and for the more efficient use of formal architectural models. 1

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

A review of software change impact analysis

Change impact analysis is required for constantly evolving systems to support the comprehension, implementation, and evaluation of changes. A lot of research effort has been spent on this subject over the last twenty years, and many approaches were published likewise. However, there has not been an extensive attempt made to summarize and review published approaches as a base for further research in the area. Therefore, we present the results of a comprehensive investigation of software change impact analysis, which is based on a literature review and a taxonomy for impact analysis. The contribution of this review is threefold. First, approaches proposed for impact analysis are explained regarding their motivation and methodology. They are further classified according to the criteria of the taxonomy to enable the comparison and evaluation of approaches proposed in literature. We perform an evaluation of our taxonomy regarding the coverage of its classification criteria in studied literature, which is the second contribution. Last, we address and discuss yet unsolved problems, research areas, and challenges of impact analysis, which were discovered by our review to illustrate possible directions for further research

Change-centric improvement of team collaboration

In software development, teamwork is essential to the successful delivery of a final product. The software industry has historically built software utilizing development teams that share the workplace. Process models, tools, and methodologies have been enhanced to support the development of software in a collocated setting. However, since the dawn of the 21st century, this scenario has begun to change: an increasing number of software companies are adopting global software development to cut costs and speed up the development process. Global software development introduces several challenges for the creation of quality software, from the adaptation of current methods, tools, techniques, etc., to new challenges imposed by the distributed setting, including physical and cultural distance between teams, communication problems, and coordination breakdowns. A particular challenge for distributed teams is the maintenance of a level of collaboration naturally present in collocated teams. Collaboration in this situation naturally d r ops due to low awareness of the activity of the team. Awareness is intrinsic to a collocated team, being obtained through human interaction such as informal conversation or meetings. For a distributed team, however, geographical distance and a subsequent lack of human interaction negatively impact this awareness. This dissertation focuses on the improvement of collaboration, especially within geographically dispersed teams. Our thesis is that by modeling the evolution of a software system in terms of fine-grained changes, we can produce a detailed history that may be leveraged to help developers collaborate. To validate this claim, we first c r eate a model to accurately represent the evolution of a system as sequences of fine- grained changes. We proceed to build a tool infrastructure able to capture and store fine-grained changes for both immediate and later use. Upon this foundation, we devise and evaluate a number of applications for our work with two distinct goals: 1. To assist developers with real-time information about the activity of the team. These applications aim to improve developers’ awareness of team member activity that can impact their work. We propose visualizations to notify developers of ongoing change activity, as well as a new technique for detecting and informing developers about potential emerging conflicts. 2. To help developers satisfy their needs for information related to the evolution of the software system. These applications aim to exploit the detailed change history generated by our approach in order to help developers find answers to questions arising during their work. To this end, we present two new measurements of code expertise, and a novel approach to replaying past changes according to user-defined criteria. We evaluate the approach and applications by adopting appropriate empirical methods for each case. A total of two case studies – one controlled experiment, and one qualitative user study – are reported. The results provide evidence that applications leveraging a fine-grained change history of a software system can effectively help developers collaborate in a distributed setting

La gestion de la connaissance des équipes de développement logiciel

RÉSUMÉ Contexte : Le développement logiciel est un travail d’équipe manipulant un produit essentiellement invisible. En conséquent, le développement logiciel nécessite des échanges de connaissances importants entre développeurs afin que l’équipe effectue une résolution de problème adéquate. Cette résolution de problème résulte en une prise de décision qui aura un impact direct sur la qualité du produit logiciel final. Objectif : Ce travail doctoral a pour objectif de mieux comprendre ces interactions entre développeurs et comment ces interactions peuvent être liées à des problèmes de qualité logicielle. Cette meilleure compréhension du phénomène permet d’améliorer les approches actuelles de développement logiciel afin d’assurer une meilleure qualité du produit final. Méthodologie : Premièrement, des revues de littérature ont été effectuées afin de mieux comprendre l’état actuel de la recherche en gestion de connaissance dans le génie logiciel. Deuxièmement, des analyses de code source et des discussions avec les développeurs ont été faites afin de mieux cerner les causes de problèmes classiques de qualité logicielle. Finalement, des observations faites dans l’industrie ont permis de comprendre la prise de décision collective, et comment cette prise de décision impacte la qualité logicielle. Résultats : Les observations effectuées ont démontré que la qualité logicielle n’est pas qu’un problème d’éducation ; l’essentiel des problèmes de qualité ont été introduits par les développeurs en toute connaissance de cause afin de répondre à d’autres impératifs plus urgents au moment de la prise de décision. Améliorer la qualité des logiciels demande de revoir la manière dont les projets de développement logiciel sont gérés afin d’assurer que les décisions prises sur le terrain n’auront pas de conséquences négatives trop coûteuses à long terme. Conclusions : Il est recommandé que les organisations se dote d’un nouveau palier décisionnel faisant la jointure entre besoins techniques (i.e. qualité logicielle) et administratifs (i.e. ressources disponibles). Ce nouveau palier décisionnel se situerait au niveau de la base de code (« codebase »), soit entre le palier organisationnel et le palier de gestion de projet. Une base de code étant modifiée de manière concurrente par plusieurs projets en parallèle, il devient nécessaire d’avoir un meilleur contrôle sur les modifications effectuées sur celle-ci. Ce nouveau palier serait le gardien des connaissances en lien avec la base de code, selon le principe « you build it, you run it » favorisé dans certaines organisations. Ce nouveau palier serait responsable d’assurer que la base de code reste d’une qualité suffisamment bonne pour supporter les activités de l’organisation dans l’avenir.----------ABSTRACT Context: Software development is a process requiring teamwork on an essentially invisible product. Therefore, software development requires important knowledge exchanges between developers in order to ensure a proper problem resolution. This problem resolution affects the decision making process, which will have a direct impact on the software quality of the final product. Objective: This thesis work aims to better understand these interactions between developers and how they can be linked to software quality problems. With a better understanding of the relation, it will be possible to improve the current software development management practices in order to ensure a better quality of the final software product. Method: First, literature reviews were made with the objective to understand the current state of the research in knowledge management in software engineering. Second, source code analyzes and discussions with the developers were executed in order to better understand the causes of typical software quality issues. Finally, observations were made in an industrial context in order to observe collective decision making in the field, and to understand how these decisions impacts software quality. Results: The bservations made demonstrated that software quality is not only an educational problem; most of the quality problems found were introduced voluntarily by the developers in order to answer a more urgent requirement at the time. Improving software quality therefore requires a review of how software development projects are managed in order to ensure that the decision made in the field do not have overly costly consequences in the long term. Conclusions: It is recommended that organization assign a new decision level linking the technical requirements (i.e. software quality) with administrative requirements (i.e. available resources). This new decision level would be situated at the codebase level, between the organizational strategy level and the project management level. A codebase being modified concurrently by multiple projects, it is therefore necessary to have a better control of the modifications made on it. The people at this new decision level would be the knowledge repository related to the codebase, under the “you build it, you run it” principle popular in some organizations. This new decision level would be responsible of ensuring that the codebase remains of a sufficient quality in order to support the future activities of the organization

Coherent clusters in source code

This paper presents the results of a large scale empirical study of coherent dependence clusters. All statements in a coherent dependence cluster depend upon the same set of statements and affect the same set of statements; a coherent cluster's statements have ‘coherent’ shared backward and forward dependence. We introduce an approximation to efficiently locate coherent clusters and show that it has a minimum precision of 97.76%. Our empirical study also finds that, despite their tight coherence constraints, coherent dependence clusters are in abundance: 23 of the 30 programs studied have coherent clusters that contain at least 10% of the whole program. Studying patterns of clustering in these programs reveals that most programs contain multiple substantial coherent clusters. A series of subsequent case studies uncover that all clusters of significant size map to a logical functionality and correspond to a program structure. For example, we show that for the program acct, the top five coherent clusters all map to specific, yet otherwise non-obvious, functionality. Cluster visualization also brings out subtle deficiencies in program structure and identifies potential refactoring candidates. A study of inter-cluster dependence is used to highlight how coherent clusters are connected to each other, revealing higher-level structures, which can be used in reverse engineering. Finally, studies are presented to illustrate how clusters are not correlated with program faults as they remain stable during most system evolution

A pattern language for evolution reuse in component-based software architectures

Context: Modern software systems are prone to a continuous evolution under frequently varying requirements and changes in operational environments. Architecture-Centric Software Evolution (ACSE) enables changes in a system’s structure and behaviour while maintaining a global view of the software to address evolution-centric trade-offs. Lehman’s law of continuing change demands for long-living and continuously evolving architectures to prolong the productive life and economic value of software. Also some industrial research shows that evolution reuse can save approximately 40% effort of change implementation in ACSE process. However, a systematic review of existing research suggests a lack of solution(s) to support a continuous integration of reuse knowledge in ACSE process to promote evolution-off-the-shelf in software architectures. Objectives: We aim to unify the concepts of software repository mining and software evolution to discover evolution-reuse knowledge that can be shared and reused to guide ACSE. Method: We exploit repository mining techniques (also architecture change mining) that investigates architecture change logs to discover change operationalisation and patterns. We apply software evolution concepts (also architecture change execution) to support pattern-driven reuse in ACSE. Architecture change patterns support composition and application of a pattern language that exploits patterns and their relations to express evolution-reuse knowledge. Pattern language composition is enabled with a continuous discovery of patterns from architecture change logs and formalising relations among discovered patterns. Pattern language application is supported with an incremental selection and application of patterns to achieve reuse in ACSE. The novelty of the research lies with a framework PatEvol that supports a round-trip approach for a continuous acquisition (mining) and application (execution) of reuse knowledge to enable ACSE. Prototype support enables customisation and (semi-) automation for the evolution process. Results: We evaluated the results based on the ISO/IEC 9126 - 1 quality model and a case study based validation of the architecture change mining and change execution processes. We observe consistency and reusability of change support with pattern-driven architecture evolution. Change patterns support efficiency for architecture evolution process but lack a fine-granular change implementation. A critical challenge lies with the selection of appropriate patterns to form a pattern language during evolution. Conclusions: The pattern language itself continuously evolves with an incremental discovery of new patterns from change logs over time. A systematic identification and resolution of change anti-patterns define the scope for future research

On the Stability of Software Clones: A Genealogy-Based Empirical Study

Clones are a matter of great concern to the software engineering community because of their dual but contradictory impact on software maintenance. While there is strong empirical evidence of the harmful impact of clones on maintenance, a number of studies have also identified positive sides of code cloning during maintenance. Recently, to help determine if clones are beneficial or not during software maintenance, software researchers have been conducting studies that measure source code stability (the likelihood that code will be modified) of cloned code compared to non-cloned code. If the presence of clones in program artifacts (files, classes, methods, variables) causes the artifacts to be more frequently changed (i.e., cloned code is more unstable than non-cloned code), clones are considered harmful. Unfortunately, existing stability studies have resulted in contradictory results and even now there is no concrete answer to the research question "Is cloned or non-cloned code more stable during software maintenance?" The possible reasons behind the contradictory results of the existing studies are that they were conducted on different sets of subject systems with different experimental setups involving different clone detection tools investigating different stability metrics. Also, there are four major types of clones (Type 1: exact; Type 2: syntactically similar; Type 3: with some added, deleted or modified lines; and, Type 4: semantically similar) and none of these studies compared the instability of different types of clones. Focusing on these issues we perform an empirical study implementing seven methodologies that calculate eight stability-related metrics on the same experimental setup to compare the instability of cloned and non-cloned code in the maintenance phase. We investigated the instability of three major types of clones (Type 1, Type 2, and Type 3) from different dimensions. We excluded Type 4 clones from our investigation, because the existing clone detection tools cannot detect Type 4 clones well. According to our in-depth investigation on hundreds of revisions of 16 subject systems covering four different programming languages (Java, C, C#, and Python) using two clone detection tools (NiCad and CCFinder) we found that clones generally exhibit higher instability in the maintenance phase compared to non-cloned code. Specifically, Type 1 and Type 3 clones are more unstable as well as more harmful compared to Type 2 clones. However, although clones are generally more unstable sometimes they exhibit higher stability than non-cloned code. We further investigated the effect of clones on another important aspect of stability: method co-changeability (the degree methods change together). Intuitively, higher method co-changeability is an indication of higher instability of software systems. We found that clones do not have any negative effect on method co-changeability; rather, cloning can be a possible way of minimizing method co-changeability when clones are likely to evolve independently. Thus, clones have both positive and negative effects on software stability. Our empirical studies demonstrate how we can effectively use the positive sides of clones by minimizing their negative impacts