Detecting Software Modularity Violations, Sunny Wong, Yuanfang Cai, Miryung Kim, Michael Dalton, ICSE' 11: Proceedings of the 2011 ACM and IEEE 33rd International Conference on Software Engineering
Detecting Bad Smells in Source Code using Change History InformationFabio Palomba
Code smells represent symptoms of poor implementation choices. Previous studies found that these smells make source code more difficult to maintain, possibly also increasing its fault-proneness. There are several approaches that identify smells based on code analysis techniques. However, we observe that many code smells are intrinsically characterized by how code elements change over time. Thus, relying solely on structural information may not be sufficient to detect all the smells accurately. We propose an approach to detect five different code smells, namely Divergent Change, Shotgun Surgery, Parallel Inheritance, Blob, and Feature Envy, by exploiting change history information mined from versioning systems. We applied approach, coined as HIST (Historical Information for Smell deTection), to eight software projects written in Java, and wherever possible compared with existing state-of-the-art smell detectors based on source code analysis. The results indicate that HIST’s precision ranges between 61% and 80%, and its recall ranges between 61% and 100%. More importantly, the results confirm that HIST is able to identify code smells that cannot be identified through approaches solely based on code analysis.
Jenkins and Chef: Infrastructure CI and Automated DeploymentDan Stine
This presentation discusses two key components of our deployment pipeline: Continuous integration of Chef code and automated deployment of Java applications. CI jobs for Chef code run static analysis and then provision, configure and test EC2 instances. Release jobs publish new cookbook versions to the Chef server. Deployment jobs identify target EC2 and VMware nodes and orchestrate Chef client runs. The flexibility of Jenkins is essential to our overall delivery architecture.
Detecting Bad Smells in Source Code using Change History InformationFabio Palomba
Code smells represent symptoms of poor implementation choices. Previous studies found that these smells make source code more difficult to maintain, possibly also increasing its fault-proneness. There are several approaches that identify smells based on code analysis techniques. However, we observe that many code smells are intrinsically characterized by how code elements change over time. Thus, relying solely on structural information may not be sufficient to detect all the smells accurately. We propose an approach to detect five different code smells, namely Divergent Change, Shotgun Surgery, Parallel Inheritance, Blob, and Feature Envy, by exploiting change history information mined from versioning systems. We applied approach, coined as HIST (Historical Information for Smell deTection), to eight software projects written in Java, and wherever possible compared with existing state-of-the-art smell detectors based on source code analysis. The results indicate that HIST’s precision ranges between 61% and 80%, and its recall ranges between 61% and 100%. More importantly, the results confirm that HIST is able to identify code smells that cannot be identified through approaches solely based on code analysis.
Jenkins and Chef: Infrastructure CI and Automated DeploymentDan Stine
This presentation discusses two key components of our deployment pipeline: Continuous integration of Chef code and automated deployment of Java applications. CI jobs for Chef code run static analysis and then provision, configure and test EC2 instances. Release jobs publish new cookbook versions to the Chef server. Deployment jobs identify target EC2 and VMware nodes and orchestrate Chef client runs. The flexibility of Jenkins is essential to our overall delivery architecture.
An Empirical Study on Inconsistent Changes to Code Clones at Release LevelNicolas Bettenburg
This is a talk I gave at the 2009 Working Conference on Reverse Engineering in Lille, France about our work on the effects of inconsistent changes on software quality if we observe them at a release level.
IEEE ACM Studying the Relationship between Exception Handling Practices and P...Gui Padua
Paper presentation at IEEE/ACM MSR 2018 - Studying the Relationship between Exception Handling Practices and Post-release Defects.
For C# .NET and Java.
More at: https://guipadua.github.io/eh-model-defects2018/
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
IEEE ICPC 2017 - Studying the Prevalence of Exception Handling Anti-PatternsGui Padua
Paper presentation at IEEE ICPC 2017 - Studying the Prevalence of Exception Handling Anti-Patterns.
For C# .NET and Java.
More at: https://guipadua.github.io/icpc2017/
STiki: An Anti-vandalism Tool for Wikipedia using the Spatio-temporal Propert...westand
STiki is a tool applying machine-learning over spatio-temporal features of revision metadata to detect likely instances of vandalism. A real-valued “vandalism score” determines presentation order to a crowd-sourced user-base.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
More Related Content
Similar to ICSE 2011 Research Paper on Modularity Violations
An Empirical Study on Inconsistent Changes to Code Clones at Release LevelNicolas Bettenburg
This is a talk I gave at the 2009 Working Conference on Reverse Engineering in Lille, France about our work on the effects of inconsistent changes on software quality if we observe them at a release level.
IEEE ACM Studying the Relationship between Exception Handling Practices and P...Gui Padua
Paper presentation at IEEE/ACM MSR 2018 - Studying the Relationship between Exception Handling Practices and Post-release Defects.
For C# .NET and Java.
More at: https://guipadua.github.io/eh-model-defects2018/
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
IEEE ICPC 2017 - Studying the Prevalence of Exception Handling Anti-PatternsGui Padua
Paper presentation at IEEE ICPC 2017 - Studying the Prevalence of Exception Handling Anti-Patterns.
For C# .NET and Java.
More at: https://guipadua.github.io/icpc2017/
STiki: An Anti-vandalism Tool for Wikipedia using the Spatio-temporal Propert...westand
STiki is a tool applying machine-learning over spatio-temporal features of revision metadata to detect likely instances of vandalism. A real-valued “vandalism score” determines presentation order to a crowd-sourced user-base.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
1. Detec%ng So+ware
Modularity Viola%ons
Sunny Wong,^* Yuanfang Cai,*
Miryung Kim,† and Michael Dalton*
* Drexel University
† University of Texas at Aus%n
^ Siemens Healthcare
Supported in part by NSF CCF‐0916891, CCF‐1043810, and DUE‐0837665
2. Mo%va%on
The Essence of Modularity:
Allows for independent module evolu%on
[Parnas 72; Baldwin and Clark 00]
In reality, modules do not always change independently
Quick and dirty implementa%on leaves technical debts
So+ware evolves in a way that deviates from original design
Modularity viola%on:
Components that are designed to evolve independently yet change
together in reality frequently
Our goal:
Detect modularity viola%ons
Slow down modularity decay
3. Limita%ons of Exis%ng Approaches
Verifica%on and valida%on
Modularity viola%ons usually do not affect func%onality
Not testable
Not problema%c un%l maintenance
Tradi%onal modularity analyses
Prevailing metrics (e.g., coupling, cohesion) do not measure
independence of module evolu%on
Do not detect the mismatches between design and reality
Code smell analyses
Not all code smells cause modularity viola%on
Not all modularity viola%ons are code smells
4. Approach Overview
Step 1: Find which modules should change together from their
design structure
Input: design model (e.g., UML, source code)
Clio finds modules from derived design structure matrix (DSM)
[Baldwin and Clark 00]
Step 2: Find which modules actually change together in reality
Input: revision history
Clio finds logical coupling of components [Ying et al. 04]
Step 3: Discover recurring discrepancies between the output
of step 1 and the output of step 2 as modularity viola-ons
Clio compares which modules should change together with which
modules actually change together
Recurring discrepancies are reported as modularity viola%ons
10. Iden%fy Recurring Discrepancies as
Modularity Viola%ons
Example discrepancy sets: {a, b}, {a, b, c}, {a, b}
Frequency
{a, b} 3
{a, c} 1
{a, b, c} 1
Clio takes minimal frequency threshold as input, and orders
the discrepancies according to their frequencies.
11. Evalua%on
Evalua%on ques%ons
Q1: How accurate are the viola%ons iden%fied by Clio?
Q2: How early can Clio iden%fy viola%ons?
Q3: What are the characteris%cs of viola%ons iden%fied by Clio?
Manually confirm viola%ons by looking forward in history
Refactoring in codebase
Developer recogni%on (e.g., change request)
Symptoms of code smells
Conserva%ve confirma%on
12. Evalua%on Subjects
Eclipse JDT
10 releases (~3 years)
27806 commits in revision history
3458 modifica%on requests
222 KSLOC in latest version
Hadoop Common
15 releases (~3 years)
3001 commits in revision history
490 modifica%on requests
64 KSLOC in latest version
Experimental Serngs
Minimal threshold of recurring discrepancies: 2
Length of sliding window for analysis: 5 releases
14. Q2: Timeliness of Modularity Viola%on
Detec%on
Hadoop: Clio detects modularity viola%ons, on average, 6
releases before developers iden%fy the design problems
Eclipse: Clio detects modularity viola%ons, on average, 5
releases before developers iden%fy the design problems
15. Q3: Characteris%cs of Modularity
Viola%ons
Analyzed symptoms of modularity viola%ons
Cyclic dependencies
Cloned code
Poor inheritance hierarchy
Unnamed coupling (43% in Hadoop, 16% in Eclipse)
Example of unnamed coupling
Several classes iden%fied as a part of modularity viola%ons, but do not
exhibit any symptoms of bad code smells.
Open modifica%on request to “redesign/refactor” those classes
because they are “hard to maintain, briwle, and merits some rework”
16. Summary
We define modularity viola-on as the mismatches between
designed modular structure and actual evolu%on path
Clio compares how modules should change together against
how modules actually change together to discover modularity
viola-ons
Can detect modularity viola%ons with 40% accuracy for Eclipse
and 66% accuracy for Hadoop
Can iden%fy modularity viola%ons several releases before
developers discover them
Symptoms of modularity viola%ons observed in our study go
beyond known bad smells
17. Detec%ng So+ware
Modularity Viola%ons
Sunny Wong,^* Yuanfang Cai,*
Miryung Kim,† and Michael Dalton*
* Drexel University
† University of Texas at Aus%n
^ Siemens Healthcare
Supported in part by NSF CCF‐0916891, CCF‐1043810, and DUE‐0837665