Software Maintainability Research Articles

A Fuzzer for Detecting Use-After-Free Vulnerabilities

Fuzzing is an extensively used automated vulnerability detection technique. Most existing fuzzers are guided by edge coverage, which makes them less effective in detecting specific vulnerabilities, especially use-after-free (UAF) vulnerabilities. This is because the triggering of a UAF vulnerability must not only cover a specific memory operation but also satisfy a specific sequence of operations. In this paper, we propose UAF-Fuzzer for detecting UAFs, which consists of static analysis and fuzzing stages. In the static analysis stage, UAF-Fuzzer first uses target identification to determine the basic blocks that may cause UAFs as the target basic blocks; subsequently, it then instruments these target basic blocks. Subsequently, we propose a memory operation evaluation method to assess the complexity of memory operations. In the fuzzing stage, UAF-Fuzzer assigns energy to seeds using a memory evaluation operation and employs a novel seed selection algorithm to prioritize the execution of test cases that are likely to trigger UAF vulnerabilities. We designed and implemented a UAF-Fuzzer to improve the detection of UAFs and compared it with AFL, AFLFast, FairFuzz, MOPT, EcoFuzz, and TortoiseFuzz in terms of UAF vulnerability detection, crash detection, and path discovery. The results showed that UAF-Fuzzer is more effective in terms of detecting UAF vulnerabilities. We have also discovered three UAF vulnerabilities, submitted them to the software maintainer for fixing, and obtained CVE IDs.

Demystifying The Object-Oriented Features Of Popular Object-Oriented Programming Languages.

Background: Indeed, Object-Oriented Programming (OOP) has emerged as one of the major fundamental paradigms in today’s world of software development as it contains principles that enhance modularity, reusability, and maintainability of software. This article explores deeper into some of the facets of OOP aspects as exhibited in some of the most frequently used programming languages ranging from Java, Python, C++, and C# with an intent of offering substantive information to aspects like encapsulation, inheritance, polymorphism, and abstraction. The article synthesizes the ones focusing on the relevance and conceptualization of OOP and problems related to it in the context of learners and practitioners. It also describes strengths and weaknesses of using C++, Python, and Java in relation to OOP while stressing peculiarity of these languages. Some of the core principles of OOP are highlighted such as encapsulation, inheritance, polymorphism, and abstraction and how they are complicated and significant in today’s software engineering. Materials and Methods: There was a presentation of a survey on which the research is based to determine the problems that programmers encounter when applying OOP features using a sample of 80 programmers in the computer science fields in some Nigerian Universities. Results: Findings reveal the significance of understanding OOP concepts in popular languages and suggest ways of increasing developers’ efficiency, minimizing errors, and improving the quality of developed software. Conclusion: Suggestions include a necessity for training and education to enhance software developers' understanding of OOP features. The findings can guide the creation of training materials and courses centered on OOP concepts, aiming to improve software development practices and elevate the quality of software products.

The Impact of Cloud Computing on System Lifecycle Methodologies: an Innovative Approach to Scalability Flexibility

This research analyzes the impact of cloud computing on traditional system lifecycle methodologies and offers an innovative approach that leverages the advantages of cloud computing. Qualitative research was conducted with a literature study on conventional system lifecycle methodologies and cloud computing. The results show that cloud computing enables increased scalability and flexibility through a service-based approach, automation, and elastic management of resources. This research provides recommendations for implementing a hybrid lifecycle methodology that leverages the advantages of both cloud and traditional systems.This paper discusses the impact of cloud computing on system lifecycle methodologies. Cloud computing offers an innovative approach to system scalability and flexibility by allowing computing and storage resources to scale dynamically according to demand. Traditional system lifecycle methodologies are becoming less relevant for rapidly changing cloud environments, so they need to be adapted to respond to the scalability and flexibility capabilities offered by cloud computing.This paper evaluates the impact of the shift towards cloud computing on the methodologies used in the system development lifecycle. Cloud computing offers the ability to scale elastically according to demand, which opens up opportunities to adopt a more adaptable and flexible approach to system development. This paper discusses how traditional system lifecycle methodologies can be adapted to accommodate key cloud computing characteristics such as scalability, flexibility, and virtualization of computing resources. This paper reviews the implications of the move towards a cloud computing paradigm on the methodologies used in developing and maintaining software systems. The shift towards cloud-based environments offers the advantages of scalability and flexibility in dynamically managing system resources. However, these key characteristics of cloud computing pose challenges to traditional system lifecycle methodologies designed for on-premise environments. This paper discusses how system lifecycle methodologies can be adapted to better support system development in cloud computing environments.

Improving the Community Services through Electronic Management of East Pringsewu Subdistrict Administration

Every Government Institution cannot be separated from carrying out daily administrative activities. Manuscripts or recordings of documents or information, including text, images,and sound recordings, are called archives because archives are records of every activity carried out. Currently, the East Pringsewu sub-district office for filing letters and other activities still uses manual methods. The implementation of E-Government is expected to enable all service activities to the community to be carried out electronically, thereby simplifying policy and service functions. The data collection methods used in this writing are observation, documentation, interviews, and literature study. The SDLC (System Development Life Cycle) method is used in this research, namely a systematic approach to planning, designing, developing, testing,and maintaining software systems. Based on needs analysis, the system developed focuses on managing population data, archiving,and correspondence related to village authority. Before implementing the system, it is necessary to design the system. When designing a system, use the Unified Modeling Language (UML) approach using Use Case Diagrams, Activity Diagrams, and Class Diagrams. Use case diagrams to describe the interaction between users and the system being developed. This research uses the PHP programming language and Visual Studio Code as a text editor and MySQL DBMS. Applications can be used as a medium for implementing subdistrict or village development with information technology and supporting the progress of subdistricts or villages byGovernment recommendations in developing E-Government.

Performance evaluation of microservices communication with REST, GraphQL, and gRPC

Microservice architecture has become the design paradigm for creating scalable and maintainable software systems. Selecting the proper communication protocol in microservices is critical to achieving optimal system performance. This study compares the performance of three commonly used API protocols: REST, GraphQL, and gRPC, in microservices architecture. In this study, we established three microservices implemented in three containers and each microservice contained a Redis and MySQL database. We evaluated the performance of these API protocols using two key performance metrics: response time and CPU Utilization. This study performs two distinct data retrieval: fetching flat data and fetching nested data, with a number of requests ranging from 100 to 500 requests. The experimental results indicate that gRPC has a faster response time, followed by REST and GraphQL. Moreover, GraphQL shows higher CPU Utilization compared to gRPC and REST. The experimental results provide insight for developers and architects seeking to optimize their microservices communication protocols for specific use cases and workloads.

Prescriptive procedure for manual code smell annotation

– Code smells are structures in code that present potential software maintainability issues. Manually constructing high-quality datasets to train ML models for code smell detection is challenging. Inconsistent annotations, small size, non-realistic smell-to-non-smell ratio, and poor smell coverage hinder the dataset quality. These issues arise mainly due to the time-consuming nature of manual annotation and annotators’ disagreements caused by ambiguous and vague smell definitions.To address challenges related to building high-quality datasets suitable for training ML models for smell detection, we designed a prescriptive procedure for manual code smell annotation. The proposed procedure represents an extension of our previous work, aiming to support the annotation of any smell defined by Fowler. We validated the procedure by employing three annotators to annotate smells following the proposed annotation procedure.The main contribution of this paper is a prescriptive annotation procedure that benefits the following stakeholders: annotators building high-quality smell datasets that can be used to train ML models, ML researchers building ML models for smell detection, and software engineers employing ML models to enhance the software maintainability. Secondary contributions are the code smell dataset containing Data Class, Feature Envy, and Refused Bequest, and DataSet Explorer tool which supports annotators during the annotation procedure.

Do code reviews lead to fewer code smells?

Context:The code review process is conducted by software teams with various motivations. Among other goals, code reviews act as a gatekeeper for software quality. Objective:In this study, we explore whether code reviews have an impact on one specific aspect of software quality, software maintainability. We further extend our investigation by analyzing whether code review process quality (as evidenced by the presence of code review process smells) influences software maintainability (as evidenced by the presence of code smells). Method:We investigate whether smells in the code review process are related to smells in the code that was reviewed by using correlation analysis. We augment our quantitative analysis with a focus group study to learn practitioners’ opinions. Results:Our investigations revealed that the level of code smells neither increases nor decreases in 8 out of 10 code reviews, regardless of the quality of the code review. Contrary to our own intuition and that of the practitioners in our focus groups, we found that code review process smells have little to no correlation with the level of code smells. We identified multiple potential reasons behind the counter-intuitive results based on our focus group data. Furthermore, practitioners still believe that code reviews are helpful in improving software maintainability. Conclusion:Our results imply that the community should update our goals for code review practices and reevaluate those practices to align them with more relevant and modern realities.

The utility of complexity metrics during code reviews for CSE software projects

Software sustainability is critical for Computational Science and Engineering (CSE) software. Highly complex code makes software more difficult to maintain and less sustainable. Code reviews are a valuable part of the software development lifecycle and can be executed to manage complexity and promote sustainability. We have developed a technique to guide the code review process that considers cyclomatic complexity levels and changes during code reviews. Using real-world examples, this paper analyzes metrics gathered via GitHub Actions for several pull requests, and demonstrates the application of this approach in support of software maintainability and sustainability. We have also conducted a survey as to the usefulness of complexity metrics during code reviews. The results indicate that practitioners find the metrics useful, and that utilizing the metrics during pull request code reviews has the potential to improve the maintainability and sustainability of computational science and engineering software.

Decision Making on a Software Upgrade or Decommission with Data Mining and Machine Learning Techniques in Information Technology Industry

The Organizations have been investing more in Technology and Infrastructure spends like software upgrades, software renewals, software replacements, platform migrations etc., apart from investment in Business, People, and Processes. In this context, it is not an easy task for stakeholders to decide whether to go for a software upgrade or to replace it with another software. There is no unified approach or solution to consolidate data and relationships of Information Technology Assets, Software Upgrades, Software costs, Software defects, Software Performance Metrics, Security issues, IT system versions, service level objectives etc. Due to this, the decision making of software upgrades and software decommissioning is a tedious process and takes more time and effort. There is a need to build a solution that can integrate and validate the information like software assets, software upgrade success and failure likelihoods, cost benefit analysis of Cloud Computing, software metrics for fault prediction, software maintainability prediction results, Digital Transformation readiness and other related factors. There is an opportunity to apply Machine Learning techniques in defining and deriving the success likelihoods on the following data: Systems and data integration, software assets compatibility, operational service level agreement breaches, quality assurance metrics, security issues, number of open defects, number of defect fixes, number of priority incidents, mean time to resolve critical incidents, expected cost increase in software maintenance, potential cost reduction with the software or hardware replacement etc. This Research Proposal outlines the above mentioned to build a recommendation system aka decision tree namely Software Upgrades or Decommissions Life Cycle.

Taxonomy of inline code comment smells

Code comments play a vital role in source code comprehension and software maintainability. It is common for developers to write comments to explain a code snippet, and commenting code is generally considered a good practice in software engineering. However, low-quality comments can have a detrimental effect on software quality or be ineffective for code understanding. This study aims to create a taxonomy of inline code comment smells and determine how frequently each smell type occurs in software projects. We conducted a multivocal literature review to define the initial taxonomy of inline comment smells. Afterward, we manually labeled 2447 inline comments from eight open-source projects where half of them were Java, and another half were Python projects. We created a taxonomy of 11 inline code comment smell types and found out that the smells exist in both Java and Python projects with varying degrees. Moreover, we conducted an online survey with 41 software practitioners to learn their opinions on these smells and their impact on code comprehension and software maintainability. The survey respondents generally agreed with the taxonomy; however, they reported that some smell types might have a positive effect on code comprehension in certain scenarios. We also opened pull requests and issues fixing the comment smells in the sampled projects, where we got a 27% acceptance rate. We share our manually labeled dataset online and provide implications for software engineering practitioners, researchers, and educators.

ANALYSIS OF PERFORMANCE AND FEATURES OF THE FUNCTIONING OF MICROFRONTENDS

Microfrontends represent a trend in the development of the visible part of a web application (frontend), which consists in breaking a monolithic application into separate, semantically independent blocks, developed independently of each other. Each component of a web page or application operates according to specially designed logic, and each of them can be developed, tested and deployed as a standalone application. The main goal of this approach is to facilitate the support and development of large applications that are worked on by different teams. Dividing large projects (“monoliths”) into smaller components has become a traditional approach to reducing the complexity of developing and maintaining software systems. The article examines the features of microfrontends, presents the results of an analysis of the performance of the most popular frameworks for creating microfrontends, and also identifies the features of the microfrontend development team.

Investigating the readability of test code

ContextThe readability of source code is key for understanding and maintaining software systems and tests. Although several studies investigate the readability of source code, there is limited research specifically on the readability of test code and related influence factors.ObjectiveIn this paper, we aim at investigating the factors that influence the readability of test code from an academic perspective based on scientific literature sources and complemented by practical views, as discussed in grey literature.MethodsFirst, we perform a Systematic Mapping Study (SMS) with a focus on scientific literature. Second, we extend this study by reviewing grey literature sources for practical aspects on test code readability and understandability. Finally, we conduct a controlled experiment on the readability of a selected set of test cases to collect additional knowledge on influence factors discussed in practice.ResultsThe result set of the SMS includes 19 primary studies from the scientific literature for further analysis. The grey literature search reveals 62 sources for information on test code readability. Based on an analysis of these sources, we identified a combined set of 14 factors that influence the readability of test code. 7 of these factors were found in scientific and grey literature, while some factors were mainly discussed in academia (2) or industry (5) with only limited overlap. The controlled experiment on practically relevant influence factors showed that the investigated factors have a significant impact on readability for half of the selected test cases.ConclusionOur review of scientific and grey literature showed that test code readability is of interest for academia and industry with a consensus on key influence factors. However, we also found factors only discussed by practitioners. For some of these factors we were able to confirm an impact on readability in a first experiment. Therefore, we see the need to bring together academic and industry viewpoints to achieve a common view on the readability of software test code.

Digital Twins in Software Engineering—A Systematic Literature Review and Vision

Digital twins are a powerful consequence of digital transformation. In fact, they have been applied to many industries to enhance operations, predict needs, improve decision making, or optimize performance, even though the definition of digital twins is still evolving. However, their impact on the software industry is still limited. Thus, this work aims to analyze the current adoption of digital twins in the software industry as a potential path to integrate them into application lifecycle management. To achieve this objective, first, the significant characteristics of current digital twins are analyzed in their application to manufacturing to understand how the knowledge and the lessons learned can be transferred to the software industry. Second, a systematic literature review was conducted on Scopus, the Web of Science, and the ScienceDirect database. The literature review revealed 93 documents after data screening and cleaning 251 initial documents. Our main findings are that digital twins are already influencing and will significantly affect the software industry, revolutionizing various aspects of the software development lifecycle. This study tackles what identifies a digital twin in the software industry, the specific domains and areas where they can be applied in the software lifecycle, and the proposed approaches explored to build digital twins for developing, deploying, and maintaining software systems. Finally, this study proposes some guidelines for building digital twins in the context of application lifecycle management. Determining an appropriate roadmap shortly is essential to achieve a widespread applicability to building suitable digital twins and preparing organizations for the software industry.

On the effectiveness of developer features in code smell prioritization: A replication study

Code smells are sub-optimal design and implementation choices that hinder software maintainability. Although significant progress has been achieved in code smell detection, numerous results are perceived as trivial by developers. In response, a code smell prioritization approach capturing developer features has been proposed by a prior study (MSR’20), and it outperformed a code metric baseline (KBS). The conclusion was validated on a dataset collected from original developers, which includes their comments on code smell priority. However, the low presence of developer aspects in the comments is inconsistent with the performance improvement after involving such features. To explain the inconsistency, we replicate the two studies by exploiting different feature selection methods and a model explanation technique called SHAP. Our major findings are: (i) Correlation-based Feature Selection should not be used as a default method since it could harm Krippendoff’s Alpha by up to 72%, (ii) if better feature selection is applied, pure code metrics from KBS outperform the MSR features in 3 smells by up to 45% in Alpha, and (iii) the behavior of code metrics based models have more agreement with developers’ comments. We suggest exploiting different feature selection methods and using code metrics to prioritize the 3 change-insensitive smells.

Software Maintainability and Refactorings Prediction Based on Technical Debt Issues

Software maintainability is a crucial factor impacting cost, time and resource allocation for software development. Code refactorings greatly enhance code quality, readability, understandability and extensibility. Hence, accurate prediction methods for both maintainability and refactorings are vital for long-term project sustainability and success, offering substantial benefits to the software community as a whole. This article focuses on prediction of software maintainability and the number of needed code refactorings using technical debt data. Two approaches were explored, one compressing technical debt issues per software component and employing machine learning algorithms such as ExtraTrees, Random Forest, Decision Trees, which all obtained a high accuracy and performance. The second approach retained multiple debt issue entries and utilized a Recurrent Neural Network, although less effectively. In addition to the prediction of the requisite number of code refactorings and software maintainability for individual software components, a comprehensive analysis of technical debt issues was conducted before and after the refactoring process. The outcomes of this study contribute to the advancement of a dependable prediction system for maintainability and refactorings, presenting potential advantages to the software community in effectively managing maintenance resources. Of all the employed models, the ExtraTrees model yielded the most optimal predictive outcomes. To the best of our knowledge no other approaches of using ML techniques for this problem have been reported in the literarture. Keywords and phrases: Software Quality, Sonarqube, Refactoring, Code Smells.

Implicit Coordination and Enterprise Architecting Effectiveness

Many organizations have embraced enterprise architecture (EA) as an approach to support business processes and develop and maintain software systems in an efficient and consistent way across the organization. The extant research on EA has focused mostly on technical and governance aspects of EA, which are important, but insufficient to explain whether EA can yield the promised benefits. For EA to succeed, the processes used to conceptualize, design, implement, manage, and change the EA also need to be effective. We refer to this collection of processes as “enterprise architecting”. Our data from qualitative interviews show that effective architecting is the result of well-coordinated EA activities. Our article investigates how two important types of coordination—explicit (i.e., behavioral) and implicit (i.e., cognitive) coordination influence architecting effectiveness. Our study found that implicit coordination is particularly important because it not only influences architecting effectiveness directly, but it also enhances the effects of explicit coordination. More specifically, shared schemas enhance the benefits of governance mechanisms (coordination by plan), whereas common ground enhances the benefits of communication (coordination by feedback). We also uncovered a “self-fueling” recursive effect in which architecting effectiveness further strengthens implicit coordination, generating a beneficial cycle of continual EA improvement.

Pair Programming – Cubic Prediction Model Results for Random Pairs and Individual Junior Programmers

Due to the rapidly evolving technology in the dynamic world, there is a growing desire among software clients for swift delivery of high-quality software. Agile software development satisfies this need and has been widely and appropriately accepted by software professionals. The maintainability of such software, however, has a significant impact on its quality. Unfortunately, existing works neglected to consider timely delivery and instead concentrated primarily on the flexibility component of maintainability. This research looked at maintainability as a function of time to rectify codes among Individual Junior and Random pair software developers. Data was acquired from an experiment performed on software developers in the agile environment and analyzed to develop the quality model metrics for maintainability which was used for prediction. One hundred programmers each received a set of agile codes created in the Python programming language, with deliberate bugs ranging from one to ten. The cubic regression model was used for predicting time spent on debugging errors above ten bugs. Results show that the random pair programmers spent an average time of 21.88 min/error while the individual programmers spent a lesser time of 16.57 min/error.

Why and how bug blocking relations are breakable: An empirical study on breakable blocking bugs

Context:Blocking bugs prevents other bugs from being fixed, which is difficult to repair and negatively impacts software quality. During software maintenance, developers usually try to break the blocking relationship between blocking and blocked bugs, e.g., propose a temporary fix. Object:However, to our knowledge, no studies have investigated why and how blocking relations between bugs are breakable. In this study, we aim to construct an empirical analysis to explore breakable blocking bugs (BBBs). Method:Specifically, we employ quantitative and qualitative analysis to study these BBBs from two aspects. One is to investigate the characteristics of these bugs, and the other is to explore why and how developers break the blocking relationship between bugs during software maintenance. We build a dataset on five large-scale open-source projects and classify bugs into three types (BBBs, normal blocking bugs, and other bugs) to compare the differences between BBBs and other types of bugs. Results:We observe that BBBs have higher levels of involvement, take longer to fix, and involve more complex source code than other bugs. Moreover, we summarize four reasons blocking relationships between bugs are broken, i.e., partial association (41.87%), serious influence (26.40%), time pressure (19.73%), and flawed blocking (12.21%), and three measures developers adopt to break these blocking relationships, i.e., quick patch for blocking bugs (41.33%), quick patch for blocked bugs (38.67%), and ignore the blocking relation and fix blocked bugs directly (20.00%). Conclusion:Through these analyses, it is meaningful for software maintainers to have a deeper understanding of the characteristics and repair practices of BBBs, which will help solve these BBBs effectively in the future.

Highlighting bugs in software development codes using SDPET for enhancing security

The requirement for high-quality, inexpensive software that can be maintained is being driven by the rise in demand for automated online software systems. Early defect identification in SDLCs (Software Development Life Cycles) results in early adjustments and eventually on-time delivery of maintainable software, satisfying the client and fostering his trust in the development team. Many MLTs (Machine Learning Techniques) have been put out in the last ten years to increase SDP accuracy. Most of the suggested SDPs frameworks and models employ ANNs (Artificial Neural Networks), which are a popular MLTs. Software defect data are hampered by a number of problems, including duplication, correlation, feature relevance, and missing samples. However, because to the under/over fitting issues, most existing SDPs utilising ANNs have low accuracy. SDPET (Software Defect Predictions Ensemble Technique), an ensemble learning technique to produce accurate SDPs based on the AdaBoost algorithm, is proposed. The proposed schema's efficacy against RFs (Random Forests) and GBs(Gradient Boosts) for needed values through experiments. The experiment results verify that the suggested SDPET has good accuracy in training and better accuracy in test datasets when compared with other methods. The original obtained dataset was cleaned of unnecessary features, converted to csv, and is stored as dataset. csv.

An Exploratory Study on Code Smells during Code Review in OSS Projects: A Case Study on OpenStack and WikiMedia

Objective: Open-source software (OSS) has become an important choice for developing software applications, and its usage has exponentially increased in recent years. Although many OSS systems have shown high reliability in terms of their functionality, they often exhibit several quality issues. Since most developers focus primarily on meeting clients’ functional requirements within the appropriate deadlines, the outcome suffers from poor design and implementation practices. This issue can also manifest as software code smells, resulting in a variety of quality issues such as software maintainability, comprehensibility, and extensibility. Generally speaking, OSS developers use code reviews during their software development to discover flaws or bugs in the updated code before it is merged with the code base. Nevertheless, despite the harmful impacts of code smells on software projects, the extent to which developers do consider them in the code review process is unclear in practice. Methods: To better understand the code review process in OSS projects, we gathered the comments of code reviewers who specified where developers should fix code smells in two OSS projects, OpenStack and WikiMedia, between 2011 and 2015. Results: Our findings indicate that most code reviewers do not pay much attention to code smells. Only a few code reviewers have attempted to motivate developers to improve their source code quality in general. The results also show that there is an increasing tendency to provide advice concerning code smells corrections over time. Conclusion: We believe that this study's findings will encourage developers to use new software engineering practices, such as refactoring, to reduce code smells when developing OSS.