Search

Your search keyword '"ISHIO, Takashi"' showing total 519 results
Start Over Author "ISHIO, Takashi"
519 results on '"ISHIO, Takashi"'

2. More Than React: Investigating The Role of Emoji Reaction in GitHub Pull Requests

Author

Wang, Dong, Xiao, Tao, Son, Teyon, Kula, Raula Gaikovina, Ishio, Takashi, Kamei, Yasutaka, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Open source software development has become more social and collaborative, evident GitHub. Since 2016, GitHub started to support more informal methods such as emoji reactions, with the goal to reduce commenting noise when reviewing any code changes to a repository. From a code review context, the extent to which emoji reactions facilitate a more efficient review process is unknown. We conduct an empirical study to mine 1,850 active repositories across seven popular languages to analyze 365,811 Pull Requests (PRs) for their emoji reactions against the review time, first-time contributors, comment intentions, and the consistency of the sentiments. Answering these four research perspectives, we first find that the number of emoji reactions has a significant correlation with the review time. Second, our results show that a PR submitted by a first-time contributor is less likely to receive emoji reactions. Third, the results reveal that the comments with an intention of information giving, are more likely to receive an emoji reaction. Fourth, we observe that only a small proportion of sentiments are not consistent between comments and emoji reactions, i.e., with 11.8% of instances being identified. In these cases, the prevalent reason is when reviewers cheer up authors that admit to a mistake, i.e., acknowledge a mistake. Apart from reducing commenting noise, our work suggests that emoji reactions play a positive role in facilitating collaborative communication during the review process.

Published
2023

3. 18 Million Links in Commit Messages: Purpose, Evolution, and Decay

Author

Xiao, Tao, Baltes, Sebastian, Hata, Hideaki, Treude, Christoph, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Commit messages contain diverse and valuable types of knowledge in all aspects of software maintenance and evolution. Links are an example of such knowledge. Previous work on "9.6 million links in source code comments" showed that links are prone to decay, become outdated, and lack bidirectional traceability. We conducted a large-scale study of 18,201,165 links from commits in 23,110 GitHub repositories to investigate whether they suffer the same fate. Results show that referencing external resources is prevalent and that the most frequent domains other than github.com are the external domains of Stack Overflow and Google Code. Similarly, links serve as source code context to commit messages, with inaccessible links being frequent. Although repeatedly referencing links is rare (4%), 14% of links that are prone to evolve become unavailable over time; e.g., tutorials or articles and software homepages become unavailable over time. Furthermore, we find that 70% of the distinct links suffer from decay; the domains that occur the most frequently are related to Subversion repositories. We summarize that links in commits share the same fate as links in code, opening up avenues for future work.

Published
2023
Full Text
View/download PDF

4. An Empirical Study of Package Management Issues via Stack Overflow

Author

Islam, Syful, Kula, Raula Gaikovina, Treude, Christoph, Chinthanet, Bodin, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The package manager (PM) is crucial to most technology stacks, acting as a broker to ensure that a verified dependency package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to dozens of PMs with various features. While our recent study indicates that package management features of PM are related to end-user experiences, it is unclear what those issues are and what information is required to resolve them. In this paper, we have investigated PM issues faced by end-users through an empirical study of content on Stack Overflow (SO). We carried out a qualitative analysis of 1,131 questions and their accepted answer posts for three popular PMs (i.e., Maven, npm, and NuGet) to identify issue types, underlying causes, and their resolutions. Our results confirm that end-users struggle with PM tool usage (approximately 64-72%). We observe that most issues are raised by end-users due to lack of instructions and errors messages from PM tools. In terms of issue resolution, we find that external link sharing is the most common practice to resolve PM issues. Additionally, we observe that links pointing to useful resources (i.e., official documentation websites, tutorials, etc.) are most frequently shared, indicating the potential for tool support and the ability to provide relevant information for PM end-users.

Published
2022
Full Text
View/download PDF

5. An Empirical Evaluation of Competitive Programming AI: A Case Study of AlphaCode

Author

Lertbanjongngam, Sila, Chinthanet, Bodin, Ishio, Takashi, Kula, Raula Gaikovina, Leelaprute, Pattara, Manaskasemsak, Bundit, Rungsawang, Arnon, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

AlphaCode is a code generation system for assisting software developers in solving competitive programming problems using natural language problem descriptions. Despite the advantages of the code generating system, the open source community expressed concerns about practicality and data licensing. However, there is no research investigating generated codes in terms of code clone and performance. In this paper, we conduct an empirical study to find code similarities and performance differences between AlphaCode-generated codes and human codes. The results show that (i) the generated codes from AlphaCode are similar to human codes (i.e., the average maximum similarity score is 0.56) and (ii) the generated code performs on par with or worse than the human code in terms of execution time and memory usage. Moreover, AlphaCode tends to generate more similar codes to humans for low-difficulty problems (i.e., four cases have the exact same codes). It also employs excessive nested loops and unnecessary variable declarations for high-difficulty problems, which cause low performance regarding our manual investigation. The replication package is available at https:/doi.org/10.5281/zenodo.6820681, Comment: Accepted to the 16th International Workshop on Software Clones (IWSC 2022)

Published
2022

6. Bug-Fix Variants: Visualizing Unique Source Code Changes across GitHub Forks

Author

Imamura, Daigo, Ishio, Takashi, Kula, Raula Gaikovina, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Forking is a common practice for developers when building upon on already existing projects. These forks create variants, which have a common code base but then evolve the code in different directions, which is specific to that forked project requirements. An interesting side-effect of having multiple forks is the ability to select between different evolution directions of the code which is based on developers fixing bugs in the code base. However, the key issue that this decentralized form of information is difficult to analyze. In this study, we propose a visualization to analyze active changes in fork repositories that have not been merged back to the original project. Our visualization shows code commit activities in multiple forks with highlight on bug fix commits in the history of forks. While the commit activity of each repository is visualized similarly to the code frequency view of GitHub, our view shows only commits unique to fork repositories. To illustrate the effectiveness of our visualization, we have applied our view to two use cases: identifying forks from a repository no longer maintained, and identifying a bug fix among forks. In the first case, we identify a fork of a suspended project named Obfuscator-LLVM. Our view shows the original repository and its most active fork that continue the development on the top. In the second case, we identify a bug fix in a fork of Clipy project. Our view shows that the most active fork has its own bug fixes; we could easily identify a patch for the bug highlighted in the view. As a new ideas paper, we then present our outline of three research questions to spark real world use-cases and goals for our visualization has the potential to uncover. A prototype of our visualization is available at \textcolor{blue}{\url{https://naist-se.github.io/vissoft2022/}, Comment: Accepted Short Paper to VISSOFT 2022

Published
2022

7. Giving Back: Contributions Congruent to Library Dependency Changes in a Software Ecosystem

Author

Wattanakriengkrai, Supatsara, Wang, Dong, Kula, Raula Gaikovina, Treude, Christoph, Thongtanunam, Patanamon, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Popular adoption of third-party libraries for contemporary software development has led to the creation of large inter-dependency networks, where sustainability issues of a single library can have widespread network effects. Maintainers of these libraries are often overworked, relying on the contributions of volunteers to sustain these libraries. In this work, we measure contributions that are aligned with dependency changes, to understand where they come from (i.e., non-maintainer, client maintainer, library maintainer, and library and client maintainer), analyze whether they contribute to library dormancy (i.e., a lack of activity), and investigate the similarities between these contributions and developers' typical contributions. Hence, we leverage socio-technical techniques to measure the dependency-contribution congruence (DC congruence), i.e., the degree to which contributions align with dependencies. We conduct a large-scale empirical study to measure the DC congruence for the NPM ecosystem using 1.7 million issues, 970 thousand pull requests (PR), and over 5.3 million commits belonging to 107,242 NPM packages. At the ecosystem level, we pinpoint in time peaks of congruence with dependency changes (i.e., 16% DC congruence score). Surprisingly, these contributions came from the ecosystem itself (i.e., non-maintainers of either client and library). At the project level, we find that DC congruence shares a statistically significant relationship with the likelihood of a package becoming dormant. Finally, by comparing source code of contributions, we find that congruent contributions are statistically different to typical contributions. Our work has implications to encourage and sustain contributions, especially to support library maintainers that require dependency changes.

Published
2022

8. On the Use of Refactoring in Security Vulnerability Fixes: An Exploratory Study on Maven Libraries

Author

Ikegami, Ayano, Kula, Raula Gaikovina, Chinthanet, Bodin, Maeprasart, Vittunyuta, Ouni, Ali, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the community developed a list of software and hardware weakness known as Common Weakness Enumeration (CWE) to assess vulnerabilities. Prior work has revealed that maintenance activities such as refactoring code potentially correlate with security-related aspects in the source code. In this work, we explore the relationship between refactoring and security by analyzing refactoring actions performed jointly with vulnerability fixes in practice. We conducted a case study to analyze 143 maven libraries in which 351 known vulnerabilities had been detected and fixed. Surprisingly, our exploratory results show that developers incorporate refactoring operations in their fixes, with 31.9% (112 out of 351) of the vulnerabilities paired with refactoring actions. We envision this short paper to open up potential new directions to motivate automated tool support, allowing developers to deliver fixes faster, while maintaining their code., Comment: Accepted as ERA paper to EASE2022

Published
2022

9. Software Supply Chain Map: How Reuse Networks Expand

Author

Hata, Hideaki and Ishio, Takashi

Subjects
Computer Science - Software Engineering
Abstract

Clone-and-own is a typical code reuse approach because of its simplicity and efficiency. Cloned software components are maintained independently by a new owner. These clone-and-own operations can be occurred sequentially, that is, cloned components can be cloned again and owned by other new owners on the supply chain. In general, code reuse is not documented well, consequently, appropriate changes like security patches cannot be propagated to descendant software projects. However, the OpenChain Project defined identifying and tracking source code reuses as responsibilities of FLOSS software staffs. Hence supporting source code reuse awareness is in a real need. This paper studies software reuse relations in FLOSS ecosystem. Technically, clone-and-own reuses of source code can be identified by file-level clone set detection. Since change histories are associated with files, we can determine origins and destinations in reusing across multiple software by considering times. By building software supply chain maps, we find that clone-and-own is prevalent in FLOSS development, and set of files are reused widely and repeatedly. These observations open up future challenges of maintaining and tracking global software genealogies., Comment: 12 pages, 14 figures

Published
2022

10. Does Coding in Pythonic Zen Peak Performance? Preliminary Experiments of Nine Pythonic Idioms at Scale

Author

Leelaprute, Pattara, Chinthanet, Bodin, Wattanakriengkrai, Supatsara, Kula, Raula Gaikovina, Jaisri, Pongchai, and Ishio, Takashi

Subjects
Computer Science - Software Engineering
Abstract

In the field of data science, and for academics in general, the Python programming language is a popular choice, mainly because of its libraries for storing, manipulating, and gaining insight from data. Evidence includes the versatile set of machine learning, data visualization, and manipulation packages used for the ever-growing size of available data. The Zen of Python is a set of guiding design principles that developers use to write acceptable and elegant Python code. Most principles revolve around simplicity. However, as the need to compute large amounts of data, performance has become a necessity for the Python programmer. The new idea in this paper is to confirm whether writing the Pythonic way peaks performance at scale. As a starting point, we conduct a set of preliminary experiments to evaluate nine Pythonic code examples by comparing the performance of both Pythonic and Non-Pythonic code snippets. Our results reveal that writing in Pythonic idioms may save memory and time. We show that incorporating list comprehension, generator expression, zip, and itertools.zip_longest idioms can save up to 7,000 MB and up to 32.25 seconds. The results open more questions on how they could be utilized in a real-world setting. The replication package includes all scripts, and the results are available at https://doi.org/10.5281/zenodo.5712349, Comment: To be published in the proceedings of the 30th IEEE/ACM International Conference on Program Comprehension (ICPC)

Published
2022

12. S\=ojiTantei: Function-Call Reachability Detection of Vulnerable Code for npm Packages

Author

Chinthanet, Bodin, Kula, Raula Gaikovina, Zapata, Rodrigo Eliza, Ishio, Takashi, Matsumoto, Kenichi, and Ihara, Akinori

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

It has become common practice for software projects to adopt third-party dependencies. Developers are encouraged to update any outdated dependency to remain safe from potential threats of vulnerabilities. In this study, we present an approach to aid developers show whether or not a vulnerable code is reachable for JavaScript projects. Our prototype, S\=ojiTantei, is evaluated in two ways (i) the accuracy when compared to a manual approach and (ii) a larger-scale analysis of 780 clients from 78 security vulnerability cases. The first evaluation shows that S\=ojiTantei has a high accuracy of 83.3%, with a speed of less than a second analysis per client. The second evaluation reveals that 68 out of the studied 78 vulnerabilities reported having at least one clean client. The study proves that automation is promising with the potential for further improvement., Comment: To be published in IEICE Transactions on Information and Systems (Special Section on Empirical Software Engineering)

Published
2021
Full Text
View/download PDF

13. An Exploration of npm Package Co-Usage Examples from Stack Overflow: A Case Study

Author

Islam, Syful, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Third-party package usage has become a common practice in contemporary software development. Developers often face different challenges, including choosing the right libraries, installing errors, discrepancies, setting up the environment, and building failures during software development. The risks of maintaining a third-party package are well known, but it is unclear how information from Stack Overflow (SO) can be useful. This paper performed an empirical study to explore npm co-usage in SO. From over 30,000 SO posts, we extracted 2,100 SO posts related to npm and matched them to 217,934 npm library packages. We find that, popular and highly used libraries are not discussed as often in SO. However, we can see that the accepted answers may prove useful, as we believe that the usage examples and executable commands could be reused for tool support.

Published
2021
Full Text
View/download PDF

14. More Than React: Investigating The Role of EmojiReaction in GitHub Pull Requests

Author

Son, Teyon, Xiao, Tao, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: Open source software development has become more social and collaborative, especially with the rise of social coding platforms like GitHub. Since 2016, GitHub started to support more informal methods such as emoji reactions, with the goal to reduce commenting noise when reviewing any code changes to a repository. Interestingly, preliminary results indicate that emojis do not always reduce commenting noise (i.e., eight out of 20 emoji reactions), providing evidence that developers use emojis with ulterior intentions. From a reviewing context, the extent to which emoji reactions facilitate for a more efficient review process is unknown. Objective: In this registered report, we introduce the study protocols to investigate ulterior intentions and usages of emoji reactions, apart from reducing commenting noise during the discussions in GitHub pull requests (PRs). As part of the report, we first perform a preliminary analysis to whether emoji reactions can reduce commenting noise in PRs and then introduce the execution plan for the study. Method: We will use a mixed-methods approach in this study, i.e., quantitative and qualitative, with three hypotheses to test.

Published
2021

15. Contrasting Third-Party Package Management User Experience

Author

Islam, Syful, Kula, Raula Gaikovina, Treude, Christoph, Chinthanet, Bodin, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The management of third-party package dependencies is crucial to most technology stacks, with package managers acting as brokers to ensure that a verified package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to dozens of package ecosystems with their own management features. While recent studies have shown that developers struggle to migrate their dependencies, the common assumption is that package ecosystems are used without any issue. In this study, we explore 13 package ecosystems to understand whether their features correlate with the experience of their users. By studying experience through the questions that developers ask on the question-and-answer site Stack Overflow, we find that developer questions are grouped into three themes (i.e., Package management, Input-Output, and Package Usage). Our preliminary analysis indicates that specific features are correlated with the user experience. Our work lays out future directions to investigate the trade-offs involved in designing the ideal package ecosystem.

Published
2021

16. What makes a good Node.js package? Investigating Users, Contributors, and Runnability

Author

Chinthanet, Bodin, Reid, Brittany, Treude, Christoph, Wagner, Markus, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The Node.js Package Manager (i.e., npm) archive repository serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world. However, as a developer, selecting an appropriate npm package to use or contribute to can be difficult. To understand what features users and contributors consider important when searching for a good npm package, we conduct a survey asking Node.js developers to evaluate the importance of 30 features derived from existing work, including GitHub activity, software usability, and properties of the repository and documentation. We identify that both user and contributor perspectives share similar views on which features they use to assess package quality. We then extract the 30 features from 104,364 npm packages and analyse the correlations between them, including three software features that measure package ``runnability"; ability to install, build, and execute a unit test. We identify which features are negatively correlated with runnability-related features and find that predicting the runnability of packages is viable. Our study lays the groundwork for future work on understanding how users and contributors select appropriate npm packages., Comment: Submitted to ACM Transactions on Software Engineering and Methodology (TOSEM)

Published
2021

17. Automatic Patch Linkage Detection in Code Review Using TextualContent and File Location Features

Author

Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: Contemporary code review tools are a popular choice for software quality assurance. Using these tools, reviewers are able to post a linkage between two patches during a review discussion. Large development teams that use a review-then-commit model risk being unaware of these linkages. Objective: Our objective is to first explore how patch linkage impacts the review process. We then propose and evaluate models that detect patch linkage based on realistic time intervals. Method: First, we carry out an exploratory study on three open source projects to conduct linkage impact analysis using 942 manually classified linkages. Second, we propose two techniques using textual and file location similarity to build detection models and evaluate their performance. Results: The study provides evidence of latency in the linkage notification. We show that a patch with the Alternative Solution linkage (i.e., patches that implement similar functionality)undergoes a quicker review and avoids additional revisions after the team has been notified, compared to other linkage types. Our detection model experiments show promising recall rates for the Alternative Solution linkage (from 32% to 95%), but precision has room for improvement. Conclusion: Patch linkage detection is promising, with likely improvements if the practice of posting linkages becomes more prevalent. From our implications, this paper lays the groundwork for future research on how to increase patch linkage awareness to facilitate efficient reviews.

Published
2021

21. Does the First Response Matter for Future Contributions? A Study of First Contributions

Author

Assavakamhaenghan, Noppadol, Wattanakriengkrai, Supatsara, Shimada, Naomichi, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Open Source Software (OSS) projects rely on a continuous stream of new contributors for their livelihood. Recent studies reported that new contributors experience many barriers in their first contribution, with the social barrier being critical. Although a number of studies investigated the social barriers to new contributors, we hypothesize that negative first responses may cause an unpleasant feeling, and subsequently lead to the discontinuity of any future contribution. We execute protocols of a registered report to analyze 2,765,917 first contributions as Pull Requests (PRs) with 642,841 first responses. We characterize most first response as being positive, but less responsive, and exhibiting sentiments of fear, joy and love. Results also indicate that negative first responses have the literal intention to arouse emotions of being either constructive (50.71%) or criticizing (37.68%) in nature. Running different machine learning models, we find that predicting future interactions is low (F1 score of 0.6171), but relatively better than baselines. Furthermore, an analysis of these models show that interactions are positively correlated with a future contribution, with other dimensions (i.e., project, contributor, contribution) having a large effect.

Published
2021

22. Does Code Review Promote Conformance? A Study of OpenStack Patches

Author

Sri-iesaranusorn, Panyawut, Kula, Raula Gaikovina, and Ishio, Takashi

Subjects
Computer Science - Software Engineering
Abstract

Code Review plays a crucial role in software quality, by allowing reviewers to discuss and critique any new patches before they can be successfully integrated into the project code. Yet, it is unsure the extent to which coding pattern changes (i.e., repetitive code) from when a patch is first submitted and when the decision is made (i.e., during the review process). In this study, we revisit coding patterns in code reviews, aiming to analyze whether or not the coding pattern changes during the review process. Comparing prior submitted patches, we measure differences in coding pattern between pre-review~(i.e., patch before the review) and post-review~(i.e., patch after a review) from 27,736 reviewed OpenStack patches. Results show that patches after review, tend to conform to similar coding patterns of accepted patches, compared to when they were first submitted. We also find that accepted patches do have similar coding patterns to prior accepted patches. Our study reveals insights into the review process, supporting the potential for automated tool support for newcomers and lays the groundwork for work into understanding conformance and how it makes for an efficient code review process.

Published
2021

23. Characterizing and Mitigating Self-Admitted Technical Debt in Build Systems

Author

Xiao, Tao, Wang, Dong, McIntosh, Shane, Hata, Hideaki, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Technical Debt is a metaphor used to describe the situation in which long-term software artifact quality is traded for short-term goals in software projects. In recent years, the concept of self-admitted technical debt (SATD) was proposed, which focuses on debt that is intentionally introduced and described by developers. Although prior work has made important observations about admitted technical debt in source code, little is known about SATD in build systems. In this paper, we set out to better understand the characteristics of SATD in build systems. To do so, through a qualitative analysis of 500 SATD comments in the Maven build system of 291 projects, we characterize SATD by location and rationale (reason and purpose). Our results show that limitations in tools and libraries, and complexities of dependency management are the most frequent causes, accounting for 50% and 24% of the comments. We also find that developers often document SATD as issues to be fixed later. As a first step towards the automatic detection of SATD rationale, we train classifiers to detect the two most frequently occurring reasons and the four most frequently occurring purposes of SATD in the content of comments in Maven build systems. The classifier performance is promising, achieving an F1-score of 0.71-0.79. Finally, within 16 identified 'ready-to-be-addressed' SATD instances, the three SATD submitted by pull requests and the five SATD submitted by issue reports were resolved after developers were made aware. Our work presents the first step towards understanding technical debt in build systems and opens up avenues for future work, such as tool support to track and manage SATD backlogs.

Published
2021
Full Text
View/download PDF

24. Same File, Different Changes: The Potential of Meta-Maintenance on GitHub

Author

Hata, Hideaki, Kula, Raula Gaikovina, Ishio, Takashi, and Treude, Christoph

Subjects
Computer Science - Software Engineering
Abstract

Online collaboration platforms such as GitHub have provided software developers with the ability to easily reuse and share code between repositories. With clone-and-own and forking becoming prevalent, maintaining these shared files is important, especially for keeping the most up-to-date version of reused code. Different to related work, we propose the concept of meta-maintenance -- i.e., tracking how the same files evolve in different repositories with the aim to provide useful maintenance opportunities to those files. We conduct an exploratory study by analyzing repositories from seven different programming languages to explore the potential of meta-maintenance. Our results indicate that a majority of active repositories on GitHub contains at least one file which is also present in another repository, and that a significant minority of these files are maintained differently in the different repositories which contain them. We manually analyzed a representative sample of shared files and their variants to understand which changes might be useful for meta-maintenance. Our findings support the potential of meta-maintenance and open up avenues for future work to capitalize on this potential., Comment: 12 pages, ICSE 2021

Published
2021

25. Newcomer OSS-Candidates: Characterizing Contributions of Novice Developers to GitHub

Author

Rehman, IFraz, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The ability of an Open Source Software (OSS) project to attract, onboard, and retain any newcomer is vital to its livelihood. Although, evidence suggests an upsurge in novice developers joining social coding platforms (such as GitHub), the extent to which their activities result in a OSS contribution is unknown. Henceforth, we execute the protocols of a registered report to study activities of a "Newcomer OSS-Candidate", who is a novice developer that is new to that social coding platform, and has the intention to later onboard an OSS project. Using GitHub as a case platform, we analyze 171 identified Newcomer OSS-Candidates to characterize their contribution activities. Results show that Newcomer OSS-Candidates are likely to target software based repositories (i.e., 66%), and their first contributions are mainly associated with development (commits) and maintenance (PRs). Newcomer OSS-Candidates are less likely to practice social coding, but eventually end up onboarding (i.e., 30% quantitative, 70% follow-up survey) an OSS project. Furthermore, they cite finding a way to start as the most challenging barrier to contribute. Our work reveals insights on how newcomers to social coding platforms are potential sources of OSS contributions., Comment: Empirical Software Engineering

Published
2021

26. A Framework for Conditional Statement Technical Debt Identification and Description

Author

Alhefdhi, Abdulaziz, Dam, Hoa Khanh, Nugroho, Yusuf Sulistyo, Hata, Hideaki, Ishio, Takashi, and Ghose, Aditya

Subjects
Computer Science - Software Engineering
Abstract

Technical Debt occurs when development teams favour short-term operability over long-term stability. Since this places software maintainability at risk, technical debt requires early attention to avoid paying for accumulated interest. Most of the existing work focuses on detecting technical debt using code comments, known as Self-Admitted Technical Debt (SATD). However, there are many cases where technical debt instances are not explicitly acknowledged but deeply hidden in the code. In this paper, we propose a framework that caters for the absence of SATD comments in code. Our Self-Admitted Technical Debt Identification and Description (SATDID) framework determines if technical debt should be self-admitted for an input code fragment. If that is the case, SATDID will automatically generate the appropriate descriptive SATD comment that can be attached with the code. While our approach is applicable in principle to any type of code fragments, we focus in this study on technical debt hidden in conditional statements, one of the most TD-carrying parts of code. We explore and evaluate different implementations of SATDID. The evaluation results demonstrate the applicability and effectiveness of our framework over multiple benchmarks. Comparing with the results from the benchmarks, our approach provides at least 21.35%, 59.36%, 31.78%, and 583.33% improvements in terms of Precision, Recall, F-1, and Bleu-4 scores, respectively. In addition, we conduct human evaluation to the SATD comments generated by SATDID. In 1-5 and 0-5 scales for Acceptability and Understandability, the total means achieved by our approach are 3.128 and 3.172, respectively.

Published
2020
Full Text
View/download PDF

28. PATSQL: Efficient Synthesis of SQL Queries from Example Tables with Quick Inference of Projected Columns

Author

Takenouchi, Keita, Ishio, Takashi, Okada, Joji, and Sakata, Yuji

Subjects
Computer Science - Software Engineering, Computer Science - Databases, Computer Science - Programming Languages
Abstract

SQL is one of the most popular tools for data analysis, and it is now used by an increasing number of users without having expertise in databases. Several studies have proposed programming-by-example approaches to help such non-experts to write correct SQL queries. While existing methods support a variety of SQL features such as aggregation and nested query, they suffer a significant increase in computational cost as the scale of example tables increases. In this paper, we propose an efficient algorithm utilizing properties known in relational algebra to synthesize SQL queries from input and output tables. Our key insight is that a projection operator in a program sketch can be lifted above other operators by applying transformation rules in relational algebra, while preserving the semantics of the program. This enables a quick inference of appropriate columns in the projection operator, which is an essential component in synthesis but causes combinatorial explosions in prior work. We also introduce a novel form of constraints and its top-down propagation mechanism for efficient sketch completion. We implemented this algorithm in our tool PATSQL and evaluated it on 226 queries from prior benchmarks and Kaggle's tutorials. As a result, PATSQL solved 68% of the benchmarks and found 89% of the solutions within a second. Our tool is available at https://naist-se.github.io/patsql/., Comment: 13 pages, 11 figures, To be presented at the International Conference on Very Large Data Bases (VLDB) 2021

Published
2020
Full Text
View/download PDF

29. Code-based Vulnerability Detection in Node.js Applications: How far are we?

Author

Chinthanet, Bodin, Ponta, Serena Elisa, Plate, Henrik, Sabetta, Antonino, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in both open source and industrial software, we propose and implement a viable code-based vulnerability detection tool for Node.js applications. Our case study lists the challenges encountered while implementing our Node.js vulnerable code detector.

Published
2020

30. Newcomer Candidate: Characterizing Contributions of a Novice Developer to GitHub

Author

Rehman, Ifraz, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: To attract, onboard, and retain any new-comer in Open Source Software (OSS) projects is vital to their livelihood. Recent studies conclude that OSS projects risk failure due to abandonment and poor participation of newcomers. Evidence suggests more new users are joining GitHub, however, the extent to which they contribute to OSS projects is unknown. Objective: In this study, we coin the term 'newcomer candidate' to describe new users to the GitHub platform. Our objective is to track and characterize their initial contributions. As a preliminary survey, we collected 208 newcomer candidate contributions in GitHub. Using this dataset, we then plan to track their contributions to reveal insights. Method: We will use a mixed-methods approach, i.e., quantitative and qualitative, to identify whether or not newcomer candidates practice social coding, the kinds of their contributions, projects they target, and the proportion that they eventually onboard to an OSS project. Limitation: The key limitation is that our newcomer candidates are restricted to those that were collected from our preliminary survey., Comment: ICSME 2020 Registered Report

Published
2020

31. DevReplay: Automatic Repair with Editable Fix Pattern

Author

Ueda, Yuki, Ishio, Takashi, Ihara, Akinori, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Static analysis tools, or linters, detect violation of source code conventions to maintain project readability. Those tools automatically fix specific violations while developers edit the source code. However, existing tools are designed for the general conventions of programming languages. These tools do not check the project/API-specific conventions. We propose a novel static analysis tool DevReplay that generates code change patterns by mining the code change history, and we recommend changes using the matched patterns. Using DevReplay, developers can automatically detect and fix project/API-specific problems in the code editor and code review. Also, we evaluate the accuracy of DevReplay using automatic program repair tool benchmarks and real software. We found that DevReplay resolves more bugs than state-of-the-art APR tools. Finally, we submitted patches to the most popular open-source projects that are implemented by different languages, and project reviewers accepted 80% (8 of 10) patches. DevReplay is available on https://devreplay.github.io.

Published
2020

32. Code Clone Matching: A Practical and Effective Approach to Find Code Snippets

Author

Inoue, Katsuro, Miyamoto, Yuya, German, Daniel M., and Ishio, Takashi

Subjects
Computer Science - Software Engineering
Abstract

Finding the same or similar code snippets in source code is one of fundamental activities in software maintenance. Text-based pattern matching tools such as grep is frequently used for such purpose, but making proper queries for the expected result is not easy. Code clone detectors could be used but their features and result are generally excessive. In this paper, we propose Code Clone matching (CC matching for short) that employs a combination of token-based clone detection and meta-patterns enhanced with meta-tokens. The user simply gives a query code snippet possibly with a few meta-tokens and then gets the resulting snippets, forming type 1, 2, or 3 code clone pairs between the query and result. By using a code snippet with meta-tokens as the query, the resulting matches are well controlled by the users. CC matching has been implemented as a practical and efficient tool named ccgrep, with grep-like user interface. The evaluation shows that ccgrep~ is a very effective to find various kinds of code snippets., Comment: 11 pages, for downloading ccgrep, https://github.com/yuy-m/CCGrep

Published
2020

33. Can We Benchmark Code Review Studies? A Systematic Mapping Study of Methodology, Dataset, and Metric

Author

Wang, Dong, Ueda, Yuki, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Code Review (CR) is the cornerstone for software quality assurance and a crucial practice for software development. As CR research matures, it can be difficult to keep track of the best practices and state-of-the-art in methodology, dataset, and metric. This paper investigates the potential of benchmarking by collecting methodology, dataset, and metric of CR studies. A systematic mapping study was conducted. A total of 112 studies from 19,847 papers published in high-impact venues between the years 2011 and 2019 were selected and analyzed. First, we find that empirical evaluation is the most common methodology (65% of papers), with solution and experience being the least common methodology. Second, we highlight 50% of papers that use the quantitative method or mixed-method have the potential for replicability. Third, we identify 457 metrics that are grouped into sixteen core metric sets, applied to nine Software Engineering topics, showing different research topics tend to use specific metric sets. We conclude that at this stage, we cannot benchmark CR studies. Nevertheless, a common benchmark will facilitate new researchers, including experts from other fields, to innovate new techniques and build on top of already established methodologies. A full replication is available at https://naist-se.github.io/code-review/.

Published
2019

34. Lags in the Release, Adoption, and Propagation of npm Vulnerability Fixes

Author

Chinthanet, Bodin, Kula, Raula Gaikovina, McIntosh, Shane, Ishio, Takashi, Ihara, Akinori, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that developers are slow to respond to the threat of vulnerability, sometimes taking four to eleven months to act. To ensure quick adoption and propagation of a release that contains the fix (fixing release), we conduct an empirical investigation to identify lags that may occur between the vulnerable release and its fixing release (package-side fixing release). Through a preliminary study of 231 package-side fixing release of npm projects on GitHub, we observe that a fixing release is rarely released on its own, with up to 85.72% of the bundled commits being unrelated to a fix. We then compare the package-side fixing release with changes on a client-side (client-side fixing release). Through an empirical study of the adoption and propagation tendencies of 1,290 package-side fixing releases that impact throughout a network of 1,553,325 releases of npm packages, we find that stale clients require additional migration effort, even if the package-side fixing release was quick (i.e., package patch landing). Furthermore, we show the influence of factors such as the branch that the package-side fixing release lands on and the severity of vulnerability on its propagation. In addition to these lags we identify and characterize, this paper lays the groundwork for future research on how to mitigate lags in an ecosystem., Comment: Published to Empirical Software Engineering Journal

Published
2019
Full Text
View/download PDF

35. 9.6 Million Links in Source Code Comments: Purpose, Evolution, and Decay

Author

Hata, Hideaki, Treude, Christoph, Kula, Raula Gaikovina, and Ishio, Takashi

Subjects
Computer Science - Software Engineering
Abstract

Links are an essential feature of the World Wide Web, and source code repositories are no exception. However, despite their many undisputed benefits, links can suffer from decay, insufficient versioning, and lack of bidirectional traceability. In this paper, we investigate the role of links contained in source code comments from these perspectives. We conducted a large-scale study of around 9.6 million links to establish their prevalence, and we used a mixed-methods approach to identify the links' targets, purposes, decay, and evolutionary aspects. We found that links are prevalent in source code repositories, that licenses, software homepages, and specifications are common types of link targets, and that links are often included to provide metadata or attribution. Links are rarely updated, but many link targets evolve. Almost 10% of the links included in source code comments are dead. We then submitted a batch of link-fixing pull requests to open source software repositories, resulting in most of our fixes being merged successfully. Our findings indicate that links in source code comments can indeed be fragile, and our work opens up avenues for future work to address these problems., Comment: 12 pages, ICSE 2019

Published
2019

39. Genome-wide CRISPR screen identifies CDK6 as a therapeutic target in adult T-cell leukemia/lymphoma

Author

Ishio, Takashi, Kumar, Sarvesh, Shimono, Joji, Daenthanasanmak, Anusara, Dubois, Sigrid, Lin, Yuquan, Bryant, Bonita, Petrus, Michael N., Bachy, Emmanuel, Huang, Da Wei, Yang, Yandan, Green, Patrick L., Hasegawa, Hiroo, Maeda, Michiyuki, Goto, Hideki, Endo, Tomoyuki, Yokota, Takashi, Hatanaka, Kanako C., Hatanaka, Yutaka, Tanaka, Shinya, Matsuno, Yoshihiro, Yang, Yibin, Hashino, Satoshi, Teshima, Takanori, Waldmann, Thomas A., Staudt, Louis M., and Nakagawa, Masao

Published
2022
Full Text
View/download PDF

40. Using High-Rising Cities to Visualize Performance in Real-Time

Author

Ogami, Katsuya, Kula, Raula Gaikovina, Hata, Hideaki, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

For developers concerned with a performance drop or improvement in their software, a profiler allows a developer to quickly search and identify bottlenecks and leaks that consume much execution time. Non real-time profilers analyze the history of already executed stack traces, while a real-time profiler outputs the results concurrently with the execution of software, so users can know the results instantaneously. However, a real-time profiler risks providing overly large and complex outputs, which is difficult for developers to quickly analyze. In this paper, we visualize the performance data from a real-time profiler. We visualize program execution as a three-dimensional (3D) city, representing the structure of the program as artifacts in a city (i.e., classes and packages expressed as buildings and districts) and their program executions expressed as the fluctuating height of artifacts. Through two case studies and using a prototype of our proposed visualization, we demonstrate how our visualization can easily identify performance issues such as a memory leak and compare performance changes between versions of a program. A demonstration of the interactive features of our prototype is available at https://youtu.be/eleVo19Hp4k., Comment: 10 pages, VISSOFT 2017, Artifact: https://github.com/sefield/high-rising-city-artifact

Published
2017

41. Modeling Library Dependencies and Updates in Large Software Repository Universes

Author

Kula, Raula Gaikovina, De Roover, Coen, German, Daniel M., Ishio, Takashi, and Inoue, Katsuro

Subjects
Computer Science - Software Engineering
Abstract

Popular (re)use of third-party open-source software (OSS) is evidence of the impact of hosting repositories like maven on software development today. Updating libraries is crucial, with recent studies highlighting the associated vulnerabilities with aging OSS libraries. The decision to migrate to a newer library can range from trivial (security threat) to complex (assessment of work required to accommodate the changes). By leveraging the `wisdom of the software repository crowd' we propose a simple and efficient approach to recommending `consented' library updates. Our Software Universe Graph (SUG) models library dependency and update information mined from super repositories to provide different metrics and visualizations that aid in the update decision. To evaluate, we first constructed a SUG from 188,951 nodes of 6,374 maven unique artifacts. Then, we demonstrate how our metrics and visualizations are applied through real-world examples. As an extension, we show how the SUG can compare dependencies between different super repositories. From a sample of 100 GitHub applications, our method found that on average 79% similar overlapping dependencies combinations exist between the maven and github super repository universes., Comment: First Version October 15th 2015

Published
2017

42. Do Developers Update Their Library Dependencies? An Empirical Study on the Impact of Security Advisories on Library Migration

Author

Kula, Raula Gaikovina, German, Daniel M., Ouni, Ali, Ishio, Takashi, and Inoue, Katsuro

Subjects
Computer Science - Software Engineering
Abstract

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in older versions. To take full advantage of third-party reuse, developers should always keep up to date with the latest versions of their library dependencies. In this paper, we investigate the extent of which developers update their library dependencies. Specifically, we conducted an empirical study on library migration that covers over 4,600 GitHub software projects and 2,700 library dependencies. Results show that although many of these systems rely heavily on dependencies, 81.5% of the studied systems still keep their outdated dependencies. In the case of updating a vulnerable dependency, the study reveals that affected developers are not likely to respond to a security advisory. Surveying these developers, we find that 69% of the interviewees claim that they were unaware of their vulnerable dependencies. Furthermore, developers are not likely to prioritize library updates, citing it as extra effort and added responsibility. This study concludes that even though third-party reuse is commonplace, the practice of updating a dependency is not as common for many developers., Comment: 37 Pages

Published
2017
Full Text
View/download PDF

43. Source File Set Search for Clone-and-Own Reuse Analysis

Author

Ishio, Takashi, Sakaguchi, Yusuke, Ito, Kaoru, and Inoue, Katsuro

Subjects
Computer Science - Software Engineering
Abstract

Clone-and-own approach is a natural way of source code reuse for software developers. To assess how known bugs and security vulnerabilities of a cloned component affect an application, developers and security analysts need to identify an original version of the component and understand how the cloned component is different from the original one. Although developers may record the original version information in a version control system and/or directory names, such information is often either unavailable or incomplete. In this research, we propose a code search method that takes as input a set of source files and extracts all the components including similar files from a software ecosystem (i.e., a collection of existing versions of software packages). Our method employs an efficient file similarity computation using b-bit minwise hashing technique. We use an aggregated file similarity for ranking components. To evaluate the effectiveness of this tool, we analyzed 75 cloned components in Firefox and Android source code. The tool took about two hours to report the original components from 10 million files in Debian GNU/Linux packages. Recall of the top-five components in the extracted lists is 0.907, while recall of a baseline using SHA-1 file hash is 0.773, according to the ground truth recorded in the source code repositories., Comment: 14th International Conference on Mining Software Repositories

Published
2017

44. Finding Code-Clone Snippets in Large Source-Code Collection by ccgrep

Author

Inoue, Katsuro, Miyamoto, Yuya, German, Daniel M., Ishio, Takashi, Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Tröltzsch, Fredi, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Reis, Ricardo, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, Taibi, Davide, editor, Lenarduzzi, Valentina, editor, Kilamo, Terhi, editor, and Zacchiroli, Stefano, editor

Published
2021
Full Text
View/download PDF

48. Initial Efficacy of the COVID-19 mRNA Vaccine Booster and Subsequent Breakthrough Omicron Variant Infection in Patients with B-Cell Non-Hodgkin’s Lymphoma: A Single-Center Cohort Study

Author

Saito, Makoto, primary, Mori, Akio, additional, Ishio, Takashi, additional, Kobayashi, Mirei, additional, Tsukamoto, Shihori, additional, Kajikawa, Sayaka, additional, Yokoyama, Emi, additional, Kanaya, Minoru, additional, Izumiyama, Koh, additional, Muraki, Haruna, additional, Morioka, Masanobu, additional, and Kondo, Takeshi, additional

Published
2024
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results