Search

Your search keyword '"Matsumoto, Kenichi"' showing total 891 results
Start Over Author "Matsumoto, Kenichi"
891 results on '"Matsumoto, Kenichi"'

1. How Maintainable is Proficient Code? A Case Study of Three PyPI Libraries

Author

Febriyanti, Indira, Fan, Youmei, Shimari, Kazumasa, Matsumoto, Kenichi, and Kula, Raula Gaikovina

Subjects
Computer Science - Software Engineering
Abstract

Python is very popular because it can be used for a wider audience of developers, data scientists, machine learning experts and so on. Like other programming languages, there are beginner to advanced levels of writing Python code. However, like all software, code constantly needs to be maintained as bugs and the need for new features emerge. Although the Zen of Python states that "Simple is better than complex," we hypothesize that more elegant and proficient code might be harder for the developer to maintain. To study this relationship between the understanding of code maintainability and code proficiency, we present an exploratory study into the complexity of Python code on three Python libraries. Specifically, we investigate the risk level of proficient code inside a file. As a starting point, we mined and collected the proficiency of code from three PyPI libraries totaling 3,003 files. We identified several instances of high proficient code that was also high risk, with examples being simple list comprehensions, 'enumerate' calls, generator expressions, simple dictionary comprehensions, and the 'super' function. Our early examples revealed that most code-proficient development presented a low maintainability risk, yet there are some cases where proficient code is also risky to maintenance. We envision that the study should help developers identify scenarios where and when using proficient code might be detrimental to future code maintenance activities.

Published
2024

2. Nigerian Software Engineer or American Data Scientist? GitHub Profile Recruitment Bias in Large Language Models

Author

Nakano, Takashi, Shimari, Kazumasa, Kula, Raula Gaikovina, Treude, Christoph, Cheong, Marc, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Large Language Models (LLMs) have taken the world by storm, demonstrating their ability not only to automate tedious tasks, but also to show some degree of proficiency in completing software engineering tasks. A key concern with LLMs is their "black-box" nature, which obscures their internal workings and could lead to societal biases in their outputs. In the software engineering context, in this early results paper, we empirically explore how well LLMs can automate recruitment tasks for a geographically diverse software team. We use OpenAI's ChatGPT to conduct an initial set of experiments using GitHub User Profiles from four regions to recruit a six-person software development team, analyzing a total of 3,657 profiles over a five-year period (2019-2023). Results indicate that ChatGPT shows preference for some regions over others, even when swapping the location strings of two profiles (counterfactuals). Furthermore, ChatGPT was more likely to assign certain developer roles to users from a specific country, revealing an implicit bias. Overall, this study reveals insights into the inner workings of LLMs and has implications for mitigating such societal biases in these models.

Published
2024

3. On Applying Bandit Algorithm to Fault Localization Techniques

Author

Nakao, Masato, Hamamoto, Kensei, Tsunoda, Masateru, Tahir, Amjed, Toda, Koji, Monden, Akito, Nakasai, Keitaro, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Developers must select a high-performance fault localization (FL) technique from available ones. A conventional approach is to try to select only one FL technique that is expected to attain high performance before debugging activity. In contrast, we propose a new approach that dynamically selects better FL techniques during debugging activity., Comment: 2 pages, 2 figures, 1 table

Published
2024

4. An Empirical Study of the Impact of Test Strategies on Online Optimization for Ensemble-Learning Defect Prediction

Author

Hamamoto, Kensei, Tsunoda, Masateru, Tahir, Amjed, Bennin, Kwabena Ebo, Monden, Akito, Toda, Koji, Nakasai, Keitaro, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Ensemble learning methods have been used to enhance the reliability of defect prediction models. However, there is an inconclusive stability of a single method attaining the highest accuracy among various software projects. This work aims to improve the performance of ensemble-learning defect prediction among such projects by helping select the highest accuracy ensemble methods. We employ bandit algorithms (BA), an online optimization method, to select the highest-accuracy ensemble method. Each software module is tested sequentially, and bandit algorithms utilize the test outcomes of the modules to evaluate the performance of the ensemble learning methods. The test strategy followed might impact the testing effort and prediction accuracy when applying online optimization. Hence, we analyzed the test order's influence on BA's performance. In our experiment, we used six popular defect prediction datasets, four ensemble learning methods such as bagging, and three test strategies such as testing positive-prediction modules first (PF). Our results show that when BA is applied with PF, the prediction accuracy improved on average, and the number of found defects increased by 7% on a minimum of five out of six datasets (although with a slight increase in the testing effort by about 4% from ordinal ensemble learning). Hence, BA with PF strategy is the most effective to attain the highest prediction accuracy using ensemble methods on various projects., Comment: 6 pages, 6 figures, 6 tables

Published
2024

5. Towards Identifying Code Proficiency through the Analysis of Python Textbooks

Author

Rojpaisarnkit, Ruksit, Robles, Gregorio, Kula, Raula Gaikovina, Wang, Dong, Ragkhitwetsagul, Chaiyong, Gonzalez-Barahona, Jesus M., and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, D.2.0, D.2.7
Abstract

Python, one of the most prevalent programming languages today, is widely utilized in various domains, including web development, data science, machine learning, and DevOps. Recent scholarly efforts have proposed a methodology to assess Python competence levels, similar to how proficiency in natural languages is evaluated. This method involves assigning levels of competence to Python constructs, for instance, placing simple 'print' statements at the most basic level and abstract base classes at the most advanced. The aim is to gauge the level of proficiency a developer must have to understand a piece of source code. This is particularly crucial for software maintenance and evolution tasks, such as debugging or adding new features. For example, in a code review process, this method could determine the competence level required for reviewers. However, categorizing Python constructs by proficiency levels poses significant challenges. Prior attempts, which relied heavily on expert opinions and developer surveys, have led to considerable discrepancies. In response, this paper presents a new approach to identifying Python competency levels through the systematic analysis of introductory Python programming textbooks. By comparing the sequence in which Python constructs are introduced in these textbooks with the current state of the art, we have uncovered notable discrepancies in the order of introduction of Python constructs. Our study underscores a misalignment in the sequences, demonstrating that pinpointing proficiency levels is not trivial. Insights from the study serve as pivotal steps toward reinforcing the idea that textbooks serve as a valuable source for evaluating developers' proficiency, and particularly in terms of their ability to undertake maintenance and evolution tasks., Comment: 12 pages, 7 figures, 6 tables, ICSME2024

Published
2024

6. Generative AI for Pull Request Descriptions: Adoption, Impact, and Developer Interventions

Author

Xiao, Tao, Hata, Hideaki, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

GitHub's Copilot for Pull Requests (PRs) is a promising service aiming to automate various developer tasks related to PRs, such as generating summaries of changes or providing complete walkthroughs with links to the relevant code. As this innovative technology gains traction in the Open Source Software (OSS) community, it is crucial to examine its early adoption and its impact on the development process. Additionally, it offers a unique opportunity to observe how developers respond when they disagree with the generated content. In our study, we employ a mixed-methods approach, blending quantitative analysis with qualitative insights, to examine 18,256 PRs in which parts of the descriptions were crafted by generative AI. Our findings indicate that: (1) Copilot for PRs, though in its infancy, is seeing a marked uptick in adoption. (2) PRs enhanced by Copilot for PRs require less review time and have a higher likelihood of being merged. (3) Developers using Copilot for PRs often complement the automated descriptions with their manual input. These results offer valuable insights into the growing integration of generative AI in software development.

Published
2024
Full Text
View/download PDF

7. Quantifying and Characterizing Clones of Self-Admitted Technical Debt in Build Systems

Author

Xiao, Tao, Zeng, Zhili, Wang, Dong, Hata, Hideaki, McIntosh, Shane, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Self-Admitted Technical Debt (SATD) annotates development decisions that intentionally exchange long-term software artifact quality for short-term goals. Recent work explores the existence of SATD clones (duplicate or near duplicate SATD comments) in source code. Cloning of SATD in build systems (e.g., CMake and Maven) may propagate suboptimal design choices, threatening qualities of the build system that stakeholders rely upon (e.g., maintainability, reliability, repeatability). Hence, we conduct a large-scale study on 50,608 SATD comments extracted from Autotools, CMake, Maven, and Ant build systems to investigate the prevalence of SATD clones and to characterize their incidences. We observe that: (i) prior work suggests that 41-65% of SATD comments in source code are clones, but in our studied build system context, the rates range from 62% to 95%, suggesting that SATD clones are a more prevalent phenomenon in build systems than in source code; (ii) statements surrounding SATD clones are highly similar, with 76% of occurrences having similarity scores greater than 0.8; (iii) a quarter of SATD clones are introduced by the author of the original SATD statements; and (iv) among the most commonly cloned SATD comments, external factors (e.g., platform and tool configuration) are the most frequent locations, limitations in tools and libraries are the most frequent causes, and developers often copy SATD comments that describe issues to be fixed later. Our work presents the first step toward systematically understanding SATD clones in build systems and opens up avenues for future work, such as distinguishing different SATD clone behavior, as well as designing an automated recommendation system for repaying SATD effectively based on resolved clones.

Published
2024
Full Text
View/download PDF

8. 'My GitHub Sponsors profile is live!' Investigating the Impact of Twitter/X Mentions on GitHub Sponsors

Author

Fan, Youmei, Xiao, Tao, Hata, Hideaki, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

GitHub Sponsors was launched in 2019, enabling donations to open-source software developers to provide financial support, as per GitHub's slogan: "Invest in the projects you depend on". However, a 2022 study on GitHub Sponsors found that only two-fifths of developers who were seeking sponsorship received a donation. The study found that, other than internal actions (such as offering perks to sponsors), developers had advertised their GitHub Sponsors profiles on social media, such as Twitter (also known as X). Therefore, in this work, we investigate the impact of tweets that contain links to GitHub Sponsors profiles on sponsorship, as well as their reception on Twitter/X. We further characterize these tweets to understand their context and find that (1) such tweets have the impact of increasing the number of sponsors acquired, (2) compared to other donation platforms such as Open Collective and Patreon, GitHub Sponsors has significantly fewer interactions but is more visible on Twitter/X, and (3) developers tend to contribute more to open-source software during the week of posting such tweets. Our findings are the first step toward investigating the impact of social media on obtaining funding to sustain open-source software.

Published
2024

9. Studying the association between Gitcoin's issues and resolving outcomes

Author

Choetkiertikul, Morakot, Puengmongkolchaikit, Arada, Chandra, Pandaree, Ragkitwetsakul, Chaiyong, Maipradit, Rungroj, Hata, Hideaki, Sunetnanta, Thanwadee, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The development of open-source software (OSS) projects usually have been driven through collaborations among contributors and strongly relies on volunteering. Thus, allocating software practitioners (e.g., contributors) to a particular task is non-trivial and draws attention away from the development. Therefore, a number of bug bounty platforms have emerged to address this problem through bounty rewards. Especially, Gitcoin, a new bounty platform, introduces a bounty reward mechanism that allows individual issue owners (backers) to define a reward value using cryptocurrencies rather than using crowdfunding mechanisms. Although a number of studies have investigated the phenomenon on bounty platforms, those rely on different bounty reward systems. Our study thus investigates the association between the Gitcoin bounties and their outcomes (i.e., success and non-success). We empirically study over 4,000 issues with Gitcoin bounties using statistical analysis and machine learning techniques. We also conducted a comparative study with the Bountysource platform to gain insights into the usage of both platforms. Our study highlights the importance of factors such as the length of the project, issue description, type of bounty issue, and the bounty value, which are found to be highly correlated with the outcome of bounty issues. These findings can provide useful guidance to practitioners.

Published
2023

10. Lessons from the Long Tail: Analysing Unsafe Dependency Updates across Software Ecosystems

Author

Wattanakriengkrai, Supatsara, Kula, Raula Gaikovina, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

A risk in adopting third-party dependencies into an application is their potential to serve as a doorway for malicious code to be injected (most often unknowingly). While many initiatives from both industry and research communities focus on the most critical dependencies (i.e., those most depended upon within the ecosystem), little is known about whether the rest of the ecosystem suffers the same fate. Our vision is to promote and establish safer practises throughout the ecosystem. To motivate our vision, in this paper, we present preliminary data based on three representative samples from a population of 88,416 pull requests (PRs) and identify unsafe dependency updates (i.e., any pull request that risks being unsafe during runtime), which clearly shows that unsafe dependency updates are not limited to highly impactful libraries. To draw attention to the long tail, we propose a research agenda comprising six key research questions that further explore how to safeguard against these unsafe activities. This includes developing best practises to address unsafe dependency updates not only in top-tier libraries but throughout the entire ecosystem.

Published
2023

11. DevGPT: Studying Developer-ChatGPT Conversations

Author

Xiao, Tao, Treude, Christoph, Hata, Hideaki, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

This paper introduces DevGPT, a dataset curated to explore how software developers interact with ChatGPT, a prominent large language model (LLM). The dataset encompasses 29,778 prompts and responses from ChatGPT, including 19,106 code snippets, and is linked to corresponding software development artifacts such as source code, commits, issues, pull requests, discussions, and Hacker News threads. This comprehensive dataset is derived from shared ChatGPT conversations collected from GitHub and Hacker News, providing a rich resource for understanding the dynamics of developer interactions with ChatGPT, the nature of their inquiries, and the impact of these interactions on their work. DevGPT enables the study of developer queries, the effectiveness of ChatGPT in code generation and problem solving, and the broader implications of AI-assisted programming. By providing this dataset, the paper paves the way for novel research avenues in software engineering, particularly in understanding and improving the use of LLMs like ChatGPT by developers., Comment: MSR 2024 Mining Challenge Proposal

Published
2023
Full Text
View/download PDF

12. More Than React: Investigating The Role of Emoji Reaction in GitHub Pull Requests

Author

Wang, Dong, Xiao, Tao, Son, Teyon, Kula, Raula Gaikovina, Ishio, Takashi, Kamei, Yasutaka, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Open source software development has become more social and collaborative, evident GitHub. Since 2016, GitHub started to support more informal methods such as emoji reactions, with the goal to reduce commenting noise when reviewing any code changes to a repository. From a code review context, the extent to which emoji reactions facilitate a more efficient review process is unknown. We conduct an empirical study to mine 1,850 active repositories across seven popular languages to analyze 365,811 Pull Requests (PRs) for their emoji reactions against the review time, first-time contributors, comment intentions, and the consistency of the sentiments. Answering these four research perspectives, we first find that the number of emoji reactions has a significant correlation with the review time. Second, our results show that a PR submitted by a first-time contributor is less likely to receive emoji reactions. Third, the results reveal that the comments with an intention of information giving, are more likely to receive an emoji reaction. Fourth, we observe that only a small proportion of sentiments are not consistent between comments and emoji reactions, i.e., with 11.8% of instances being identified. In these cases, the prevalent reason is when reviewers cheer up authors that admit to a mistake, i.e., acknowledge a mistake. Apart from reducing commenting noise, our work suggests that emoji reactions play a positive role in facilitating collaborative communication during the review process.

Published
2023

13. Simultaneous boost radiotherapy versus conventional dose radiotherapy for patients with newly diagnosed glioblastoma: a multi-institutional analysis

Author

Takano, Seiya, Tomita, Natsuo, Kuno, Mayu, Niwa, Masanari, Torii, Akira, Takaoka, Taiki, Kita, Nozomi, Okazaki, Dai, Yamamoto, Shintaro, Kawai, Tatsuya, Sugie, Chikao, Ogawa, Yasutaka, Matsumoto, Kenichi, Uchiyama, Kaoru, Otsuka, Shinya, Matsui, Tooru, Miyakawa, Akifumi, Mizuno, Tomoki, Iida, Masato, Tanikawa, Motoki, Mase, Mitsuhito, and Hiwatashi, Akio

Published
2024
Full Text
View/download PDF

14. 18 Million Links in Commit Messages: Purpose, Evolution, and Decay

Author

Xiao, Tao, Baltes, Sebastian, Hata, Hideaki, Treude, Christoph, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Commit messages contain diverse and valuable types of knowledge in all aspects of software maintenance and evolution. Links are an example of such knowledge. Previous work on "9.6 million links in source code comments" showed that links are prone to decay, become outdated, and lack bidirectional traceability. We conducted a large-scale study of 18,201,165 links from commits in 23,110 GitHub repositories to investigate whether they suffer the same fate. Results show that referencing external resources is prevalent and that the most frequent domains other than github.com are the external domains of Stack Overflow and Google Code. Similarly, links serve as source code context to commit messages, with inaccessible links being frequent. Although repeatedly referencing links is rare (4%), 14% of links that are prone to evolve become unavailable over time; e.g., tutorials or articles and software homepages become unavailable over time. Furthermore, we find that 70% of the distinct links suffer from decay; the domains that occur the most frequently are related to Subversion repositories. We summarize that links in commits share the same fate as links in code, opening up avenues for future work.

Published
2023
Full Text
View/download PDF

15. Meta-Maintanance for Dockerfiles: Are We There Yet?

Author

Tanaka, Takeru, Hata, Hideaki, Chinthanet, Bodin, Kula, Raula Gaikovina, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Docker allows for the packaging of applications and dependencies, and its instructions are described in Dockerfiles. Nowadays, version pinning is recommended to avoid unexpected changes in the latest version of a package. However, version pinning in Dockerfiles is not yet fully realized (only 17k of the 141k Dockerfiles we analyzed), because of the difficulties caused by version pinning. To maintain Dockerfiles with version-pinned packages, it is important to update package versions, not only for improved functionality, but also for software supply chain security, as packages are changed to address vulnerabilities and bug fixes. However, when updating multiple version-pinned packages, it is necessary to understand the dependencies between packages and ensure version compatibility, which is not easy. To address this issue, we explore the applicability of the meta-maintenance approach, which aims to distribute the successful updates in a part of a group that independently maintains a common artifact. We conduct an exploratory analysis of 7,914 repositories on GitHub that hold Dockerfiles, which retrieve packages on GitHub by URLs. There were 385 repository groups with the same multiple package combinations, and 208 groups had Dockerfiles with newer version combinations compared to others, which are considered meta-maintenance applicable. Our findings support the potential of meta-maintenance for updating multiple version-pinned packages and also reveal future challenges., Comment: 10 pages

Published
2023

16. We Live in a Society: Motivators for Contributions in an OSS Ecosystem

Author

Wattanakriengkrai, Supatsara, Kula, Raula Gaikovina, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Due to the increasing number of attacks targeting open source library ecosystems, assisting maintainers has become a top priority. This is especially important since maintainers are usually overworked. Although the motivation of Open Source developers has been widely studied, the extent to which maintainers assist libraries that they depend on is unknown. Surveying NPM developers, our early results indicate a difference in motivation between maintaining their own library (i.e., more person driven), as opposed to professional factors (i.e., focus on skills and expertise) when contributing to the software ecosystem. Finally, our thematic analysis shows different motivations and barriers developers face when contributing to the ecosystem. These results show that developers have different motivations and barriers depending on the role they play when making contributions to the ecosystem.

Published
2023

17. Intertwining Communities: Exploring Libraries that Cross Software Ecosystems

Author

Kannee, Kanchanok, Kula, Raula Gaikovina, Wattanakriengkrai, Supatsara, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Using libraries in applications has helped developers reduce the costs of reinventing already existing code. However, an increase in diverse technology stacks and third-party library usage has led developers to inevitably switch technologies and search for similar libraries implemented in the new technology. To assist with searching for these replacement libraries, maintainers have started to release their libraries to multiple ecosystems. Our goal is to explore the extent to which these libraries are intertwined between ecosystems. We perform a large-scale empirical study of 1.1 million libraries from five different software ecosystems, i.e., PyPI, CRAN, Maven, RubyGems, and NPM, to identify 4,146 GitHub repositories. As a starting point, insights from the study raise implications for library maintainers, users, contributors, and researchers into understanding how these different ecosystems are becoming more intertwined with each other., Comment: arXiv admin note: substantial text overlap with arXiv:2208.06655

Published
2023

18. Visualizing Contributor Code Competency for PyPI Libraries: Preliminary Results

Author

Febriyanti, Indira, Kula, Raula Gaikovina, Rojpaisarnkit, Ruksit, Kannee, Kanchanok, Nugroho, Yusuf Sulistyo, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Python is known to be used by beginners to professional programmers. Python provides functionality to its community of users through PyPI libraries, which allows developers to reuse functionalities to an application. However, it is unknown the extent to which these PyPI libraries require proficient code in their implementation. We conjecture that PyPI contributors may decide to implement more advanced Pythonic code, or stick with more basic Python code. Are complex codes only committed by few contributors, or only to specific files? The new idea in this paper is to confirm who and where complex code is implemented. Hence, we present a visualization to show the relationship between proficient code, contributors, and files. Analyzing four PyPI projects, we are able to explore which files contain more elegant code, and which contributors committed to these files. Our results show that most files contain more basic competency files, and that not every contributor contributes competent code. We show how~our visualization is able to summarize such information, and opens up different possibilities for understanding how to make elegant contributions., Comment: Presented at 29th Asia-Pacific Software Engineering Conference (APSEC 2022) in Early Research Achievements (ERA) category

Published
2022

19. An Exploration of Cross-Patch Collaborations via Patch Linkage in OpenStack

Author

Wang, Dong, Thongtanunam, Patanamon, Kula, Raula Gaikovina, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Contemporary development projects benefit from code review as it improves the quality of a project. Large ecosystems of inter-dependent projects like OpenStack generate a large number of reviews, which poses new challenges for collaboration (improving patches, fixing defects). Review tools allow developers to link between patches, to indicate patch dependency, competing solutions, or provide broader context. We hypothesize that such patch linkage may also simulate cross-collaboration. With a case study of OpenStack, we take a first step to explore collaborations that occur after a patch linkage was posted between two patches (i.e., cross-patch collaboration). Our empirical results show that although patch linkage that requests collaboration is relatively less prevalent, the probability of collaboration is relatively higher. Interestingly, the results also show that collaborative contributions via patch linkage are non-trivial, i.e, contributions can affect the review outcome (such as voting) or even improve the patch (i.e., revising). This work opens up future directions to understand barriers and opportunities related to this new kind of collaboration, that assists with code review and development tasks in large ecosystems.

Published
2022
Full Text
View/download PDF

20. An Empirical Study of Package Management Issues via Stack Overflow

Author

Islam, Syful, Kula, Raula Gaikovina, Treude, Christoph, Chinthanet, Bodin, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The package manager (PM) is crucial to most technology stacks, acting as a broker to ensure that a verified dependency package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to dozens of PMs with various features. While our recent study indicates that package management features of PM are related to end-user experiences, it is unclear what those issues are and what information is required to resolve them. In this paper, we have investigated PM issues faced by end-users through an empirical study of content on Stack Overflow (SO). We carried out a qualitative analysis of 1,131 questions and their accepted answer posts for three popular PMs (i.e., Maven, npm, and NuGet) to identify issue types, underlying causes, and their resolutions. Our results confirm that end-users struggle with PM tool usage (approximately 64-72%). We observe that most issues are raised by end-users due to lack of instructions and errors messages from PM tools. In terms of issue resolution, we find that external link sharing is the most common practice to resolve PM issues. Additionally, we observe that links pointing to useful resources (i.e., official documentation websites, tutorials, etc.) are most frequently shared, indicating the potential for tool support and the ability to provide relevant information for PM end-users.

Published
2022
Full Text
View/download PDF

21. An Empirical Evaluation of Competitive Programming AI: A Case Study of AlphaCode

Author

Lertbanjongngam, Sila, Chinthanet, Bodin, Ishio, Takashi, Kula, Raula Gaikovina, Leelaprute, Pattara, Manaskasemsak, Bundit, Rungsawang, Arnon, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

AlphaCode is a code generation system for assisting software developers in solving competitive programming problems using natural language problem descriptions. Despite the advantages of the code generating system, the open source community expressed concerns about practicality and data licensing. However, there is no research investigating generated codes in terms of code clone and performance. In this paper, we conduct an empirical study to find code similarities and performance differences between AlphaCode-generated codes and human codes. The results show that (i) the generated codes from AlphaCode are similar to human codes (i.e., the average maximum similarity score is 0.56) and (ii) the generated code performs on par with or worse than the human code in terms of execution time and memory usage. Moreover, AlphaCode tends to generate more similar codes to humans for low-difficulty problems (i.e., four cases have the exact same codes). It also employs excessive nested loops and unnecessary variable declarations for high-difficulty problems, which cause low performance regarding our manual investigation. The replication package is available at https:/doi.org/10.5281/zenodo.6820681, Comment: Accepted to the 16th International Workshop on Software Clones (IWSC 2022)

Published
2022

22. Intertwining Ecosystems: A Large Scale Empirical Study of Libraries that Cross Software Ecosystems

Author

Kannee, Kanchanok, Wattanakriengkrai, Supatsara, Rojpaisarnkit, Ruksit, Kula, Raula Gaikovina, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

An increase in diverse technology stacks and third-party library usage has led developers to inevitably switch technologies. To assist these developers, maintainers have started to release their libraries to multiple technologies, i.e., a cross-ecosystem library. Our goal is to explore the extent to which these cross-ecosystem libraries are intertwined between ecosystems. We perform a large-scale empirical study of 1.1 million libraries from five different software ecosystems, i.e., PyPI for Python, CRAN for R, Maven for Java, RubyGems for Ruby, and NPM for JavaScript to identify 4,146 GitHub projects that release libraries to these five ecosystems. Analyzing their contributions, we first find that a significant majority (median of 37.5%) of contributors of these cross-ecosystem libraries come from a single ecosystem, while also receiving a significant portion of contributions (median of 24.06%) from outside their target ecosystems. We also find that a cross-ecosystem library is written using multiple programming languages. Specifically, three (i.e., PyPI, CRAN, RubyGems) out of the five ecosystems has the majority of source code is written using languages not specific to that ecosystem. As ecosystems become intertwined, this opens up new avenues for research, such as whether or not cross-ecosystem libraries will solve the search for replacement libraries, or how these libraries fit within each ecosystem just to name a few.

Published
2022

23. Bug-Fix Variants: Visualizing Unique Source Code Changes across GitHub Forks

Author

Imamura, Daigo, Ishio, Takashi, Kula, Raula Gaikovina, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Forking is a common practice for developers when building upon on already existing projects. These forks create variants, which have a common code base but then evolve the code in different directions, which is specific to that forked project requirements. An interesting side-effect of having multiple forks is the ability to select between different evolution directions of the code which is based on developers fixing bugs in the code base. However, the key issue that this decentralized form of information is difficult to analyze. In this study, we propose a visualization to analyze active changes in fork repositories that have not been merged back to the original project. Our visualization shows code commit activities in multiple forks with highlight on bug fix commits in the history of forks. While the commit activity of each repository is visualized similarly to the code frequency view of GitHub, our view shows only commits unique to fork repositories. To illustrate the effectiveness of our visualization, we have applied our view to two use cases: identifying forks from a repository no longer maintained, and identifying a bug fix among forks. In the first case, we identify a fork of a suspended project named Obfuscator-LLVM. Our view shows the original repository and its most active fork that continue the development on the top. In the second case, we identify a bug fix in a fork of Clipy project. Our view shows that the most active fork has its own bug fixes; we could easily identify a patch for the bug highlighted in the view. As a new ideas paper, we then present our outline of three research questions to spark real world use-cases and goals for our visualization has the potential to uncover. A prototype of our visualization is available at \textcolor{blue}{\url{https://naist-se.github.io/vissoft2022/}, Comment: Accepted Short Paper to VISSOFT 2022

Published
2022

24. Understanding the Role of External Pull Requests in the NPM Ecosystem

Author

Maeprasart, Vittunyuta, Wattanakriengkrai, Supatsara, Kula, Raula Gaikovina, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The risk to using third-party libraries in a software application is that much needed maintenance is solely carried out by library maintainers. These libraries may rely on a core team of maintainers (who might be a single maintainer that is unpaid and overworked) to serve a massive client user-base. On the other hand, being open source has the benefit of receiving contributions (in the form of External PRs) to help fix bugs and add new features. In this paper, we investigate the role by which External PRs (contributions from outside the core team of maintainers) contribute to a library. Through a preliminary analysis, we find that External PRs are prevalent, and just as likely to be accepted as maintainer PRs. We find that 26.75% of External PRs submitted fix existing issues. Moreover, fixes also belong to labels such as breaking changes, urgent, and on-hold. Differently from Internal PRs, External PRs cover documentation changes (44 out of 384 PRs), while not having as much refactoring (34 out of 384 PRs). On the other hand, External PRs also cover new features (380 out of 384 PRs) and bugs (120 out of 384). Our results lay the groundwork for understanding how maintainers decide which external contributions they select to evolve their libraries and what role they play in reducing the workload., Comment: Submitted to EMSE journal

Published
2022

25. Giving Back: Contributions Congruent to Library Dependency Changes in a Software Ecosystem

Author

Wattanakriengkrai, Supatsara, Wang, Dong, Kula, Raula Gaikovina, Treude, Christoph, Thongtanunam, Patanamon, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Popular adoption of third-party libraries for contemporary software development has led to the creation of large inter-dependency networks, where sustainability issues of a single library can have widespread network effects. Maintainers of these libraries are often overworked, relying on the contributions of volunteers to sustain these libraries. In this work, we measure contributions that are aligned with dependency changes, to understand where they come from (i.e., non-maintainer, client maintainer, library maintainer, and library and client maintainer), analyze whether they contribute to library dormancy (i.e., a lack of activity), and investigate the similarities between these contributions and developers' typical contributions. Hence, we leverage socio-technical techniques to measure the dependency-contribution congruence (DC congruence), i.e., the degree to which contributions align with dependencies. We conduct a large-scale empirical study to measure the DC congruence for the NPM ecosystem using 1.7 million issues, 970 thousand pull requests (PR), and over 5.3 million commits belonging to 107,242 NPM packages. At the ecosystem level, we pinpoint in time peaks of congruence with dependency changes (i.e., 16% DC congruence score). Surprisingly, these contributions came from the ecosystem itself (i.e., non-maintainers of either client and library). At the project level, we find that DC congruence shares a statistically significant relationship with the likelihood of a package becoming dormant. Finally, by comparing source code of contributions, we find that congruent contributions are statistically different to typical contributions. Our work has implications to encourage and sustain contributions, especially to support library maintainers that require dependency changes.

Published
2022

26. On the Use of Refactoring in Security Vulnerability Fixes: An Exploratory Study on Maven Libraries

Author

Ikegami, Ayano, Kula, Raula Gaikovina, Chinthanet, Bodin, Maeprasart, Vittunyuta, Ouni, Ali, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the community developed a list of software and hardware weakness known as Common Weakness Enumeration (CWE) to assess vulnerabilities. Prior work has revealed that maintenance activities such as refactoring code potentially correlate with security-related aspects in the source code. In this work, we explore the relationship between refactoring and security by analyzing refactoring actions performed jointly with vulnerability fixes in practice. We conducted a case study to analyze 143 maven libraries in which 351 known vulnerabilities had been detected and fixed. Surprisingly, our exploratory results show that developers incorporate refactoring operations in their fixes, with 31.9% (112 out of 351) of the vulnerabilities paired with refactoring actions. We envision this short paper to open up potential new directions to motivate automated tool support, allowing developers to deliver fixes faster, while maintaining their code., Comment: Accepted as ERA paper to EASE2022

Published
2022

27. pycefr: Python Competency Level through Code Analysis

Author

Robles, Gregorio, Kula, Raula Gaikovina, Ragkhitwetsagul, Chaiyong, Sakulniwat, Tattiya, Matsumoto, Kenichi, and Gonzalez-Barahona, Jesus M.

Subjects
Computer Science - Software Engineering
Abstract

Python is known to be a versatile language, well suited both for beginners and advanced users. Some elements of the language are easier to understand than others: some are found in any kind of code, while some others are used only by experienced programmers. The use of these elements lead to different ways to code, depending on the experience with the language and the knowledge of its elements, the general programming competence and programming skills, etc. In this paper, we present pycefr, a tool that detects the use of the different elements of the Python language, effectively measuring the level of Python proficiency required to comprehend and deal with a fragment of Python code. Following the well-known Common European Framework of Reference for Languages (CEFR), widely used for natural languages, pycefr categorizes Python code in six levels, depending on the proficiency required to create and understand it. We also discuss different use cases for pycefr: identifying code snippets that can be understood by developers with a certain proficiency, labeling code examples in online resources such as Stackoverflow and GitHub to suit them to a certain level of competency, helping in the onboarding process of new developers in Open Source Software projects, etc. A video shows availability and usage of the tool: https://tinyurl.com/ypdt3fwe., Comment: Accepted at International Conference on Program Comprehension, 2022

Published
2022

28. GitHub Sponsors: Exploring a New Way to Contribute to Open Source

Author

Shimada, Naomichi, Xiao, Tao, Hata, Hideaki, Treude, Christoph, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

GitHub Sponsors, launched in 2019, enables donations to individual open source software (OSS) developers. Financial support for OSS maintainers and developers is a major issue in terms of sustaining OSS projects, and the ability to donate to individuals is expected to support the sustainability of developers, projects, and community. In this work, we conducted a mixed-methods study of GitHub Sponsors, including quantitative and qualitative analyses, to understand the characteristics of developers who are likely to receive donations and what developers think about donations to individuals. We found that: (1) sponsored developers are more active than non-sponsored developers, (2) the possibility to receive donations is related to whether there is someone in their community who is donating, and (3) developers are sponsoring as a new way to contribute to OSS. Our findings are the first step towards data-informed guidance for using GitHub Sponsors, opening up avenues for future work on this new way of financially sustaining the OSS community., Comment: 12 pages, ICSE 2022

Published
2022
Full Text
View/download PDF

29. S\=ojiTantei: Function-Call Reachability Detection of Vulnerable Code for npm Packages

Author

Chinthanet, Bodin, Kula, Raula Gaikovina, Zapata, Rodrigo Eliza, Ishio, Takashi, Matsumoto, Kenichi, and Ihara, Akinori

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

It has become common practice for software projects to adopt third-party dependencies. Developers are encouraged to update any outdated dependency to remain safe from potential threats of vulnerabilities. In this study, we present an approach to aid developers show whether or not a vulnerable code is reachable for JavaScript projects. Our prototype, S\=ojiTantei, is evaluated in two ways (i) the accuracy when compared to a manual approach and (ii) a larger-scale analysis of 780 clients from 78 security vulnerability cases. The first evaluation shows that S\=ojiTantei has a high accuracy of 83.3%, with a speed of less than a second analysis per client. The second evaluation reveals that 68 out of the studied 78 vulnerabilities reported having at least one clean client. The study proves that automation is promising with the potential for further improvement., Comment: To be published in IEICE Transactions on Information and Systems (Special Section on Empirical Software Engineering)

Published
2021
Full Text
View/download PDF

30. An Exploration of npm Package Co-Usage Examples from Stack Overflow: A Case Study

Author

Islam, Syful, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Third-party package usage has become a common practice in contemporary software development. Developers often face different challenges, including choosing the right libraries, installing errors, discrepancies, setting up the environment, and building failures during software development. The risks of maintaining a third-party package are well known, but it is unclear how information from Stack Overflow (SO) can be useful. This paper performed an empirical study to explore npm co-usage in SO. From over 30,000 SO posts, we extracted 2,100 SO posts related to npm and matched them to 217,934 npm library packages. We find that, popular and highly used libraries are not discussed as often in SO. However, we can see that the accepted answers may prove useful, as we believe that the usage examples and executable commands could be reused for tool support.

Published
2021
Full Text
View/download PDF

31. FixMe: A GitHub Bot for Detecting and Monitoring On-Hold Self-Admitted Technical Debt

Author

Phaithoon, Saranphon, Wongnil, Supakarn, Pussawong, Patiphol, Choetkiertikul, Morakot, Ragkhitwetsagul, Chaiyong, Sunetnanta, Thanwadee, Maipradit, Rungroj, Hata, Hideaki, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Self-Admitted Technical Debt (SATD) is a special form of technical debt in which developers intentionally record their hacks in the code by adding comments for attention. Here, we focus on issue-related "On-hold SATD", where developers suspend proper implementation due to issues reported inside or outside the project. When the referenced issues are resolved, the On-hold SATD also need to be addressed, but since monitoring these issue reports takes a lot of time and effort, developers may not be aware of the resolved issues and leave the On-hold SATD in the code. In this paper, we propose FixMe, a GitHub bot that helps developers detecting and monitoring On-hold SATD in their repositories and notify them whenever the On-hold SATDs are ready to be fixed (i.e. the referenced issues are resolved). The bot can automatically detect On-hold SATD comments from source code using machine learning techniques and discover referenced issues. When the referenced issues are resolved, developers will be notified by FixMe bot. The evaluation conducted with 11 participants shows that our FixMe bot can support them in dealing with On-hold SATD. FixMe is available at https://www.fixmebot.app/ and FixMe's VDO is at https://youtu.be/YSz9kFxN_YQ., Comment: 5 pages, ASE 2021

Published
2021

32. More Than React: Investigating The Role of EmojiReaction in GitHub Pull Requests

Author

Son, Teyon, Xiao, Tao, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: Open source software development has become more social and collaborative, especially with the rise of social coding platforms like GitHub. Since 2016, GitHub started to support more informal methods such as emoji reactions, with the goal to reduce commenting noise when reviewing any code changes to a repository. Interestingly, preliminary results indicate that emojis do not always reduce commenting noise (i.e., eight out of 20 emoji reactions), providing evidence that developers use emojis with ulterior intentions. From a reviewing context, the extent to which emoji reactions facilitate for a more efficient review process is unknown. Objective: In this registered report, we introduce the study protocols to investigate ulterior intentions and usages of emoji reactions, apart from reducing commenting noise during the discussions in GitHub pull requests (PRs). As part of the report, we first perform a preliminary analysis to whether emoji reactions can reduce commenting noise in PRs and then introduce the execution plan for the study. Method: We will use a mixed-methods approach in this study, i.e., quantitative and qualitative, with three hypotheses to test.

Published
2021

33. Contrasting Third-Party Package Management User Experience

Author

Islam, Syful, Kula, Raula Gaikovina, Treude, Christoph, Chinthanet, Bodin, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The management of third-party package dependencies is crucial to most technology stacks, with package managers acting as brokers to ensure that a verified package is correctly installed, configured, or removed from an application. Diversity in technology stacks has led to dozens of package ecosystems with their own management features. While recent studies have shown that developers struggle to migrate their dependencies, the common assumption is that package ecosystems are used without any issue. In this study, we explore 13 package ecosystems to understand whether their features correlate with the experience of their users. By studying experience through the questions that developers ask on the question-and-answer site Stack Overflow, we find that developer questions are grouped into three themes (i.e., Package management, Input-Output, and Package Usage). Our preliminary analysis indicates that specific features are correlated with the user experience. Our work lays out future directions to investigate the trade-offs involved in designing the ideal package ecosystem.

Published
2021

34. What makes a good Node.js package? Investigating Users, Contributors, and Runnability

Author

Chinthanet, Bodin, Reid, Brittany, Treude, Christoph, Wagner, Markus, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The Node.js Package Manager (i.e., npm) archive repository serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world. However, as a developer, selecting an appropriate npm package to use or contribute to can be difficult. To understand what features users and contributors consider important when searching for a good npm package, we conduct a survey asking Node.js developers to evaluate the importance of 30 features derived from existing work, including GitHub activity, software usability, and properties of the repository and documentation. We identify that both user and contributor perspectives share similar views on which features they use to assess package quality. We then extract the 30 features from 104,364 npm packages and analyse the correlations between them, including three software features that measure package ``runnability"; ability to install, build, and execute a unit test. We identify which features are negatively correlated with runnability-related features and find that predicting the runnability of packages is viable. Our study lays the groundwork for future work on understanding how users and contributors select appropriate npm packages., Comment: Submitted to ACM Transactions on Software Engineering and Methodology (TOSEM)

Published
2021

35. Automatic Patch Linkage Detection in Code Review Using TextualContent and File Location Features

Author

Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: Contemporary code review tools are a popular choice for software quality assurance. Using these tools, reviewers are able to post a linkage between two patches during a review discussion. Large development teams that use a review-then-commit model risk being unaware of these linkages. Objective: Our objective is to first explore how patch linkage impacts the review process. We then propose and evaluate models that detect patch linkage based on realistic time intervals. Method: First, we carry out an exploratory study on three open source projects to conduct linkage impact analysis using 942 manually classified linkages. Second, we propose two techniques using textual and file location similarity to build detection models and evaluate their performance. Results: The study provides evidence of latency in the linkage notification. We show that a patch with the Alternative Solution linkage (i.e., patches that implement similar functionality)undergoes a quicker review and avoids additional revisions after the team has been notified, compared to other linkage types. Our detection model experiments show promising recall rates for the Alternative Solution linkage (from 32% to 95%), but precision has room for improvement. Conclusion: Patch linkage detection is promising, with likely improvements if the practice of posting linkages becomes more prevalent. From our implications, this paper lays the groundwork for future research on how to increase patch linkage awareness to facilitate efficient reviews.

Published
2021

36. Does the First Response Matter for Future Contributions? A Study of First Contributions

Author

Assavakamhaenghan, Noppadol, Wattanakriengkrai, Supatsara, Shimada, Naomichi, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Open Source Software (OSS) projects rely on a continuous stream of new contributors for their livelihood. Recent studies reported that new contributors experience many barriers in their first contribution, with the social barrier being critical. Although a number of studies investigated the social barriers to new contributors, we hypothesize that negative first responses may cause an unpleasant feeling, and subsequently lead to the discontinuity of any future contribution. We execute protocols of a registered report to analyze 2,765,917 first contributions as Pull Requests (PRs) with 642,841 first responses. We characterize most first response as being positive, but less responsive, and exhibiting sentiments of fear, joy and love. Results also indicate that negative first responses have the literal intention to arouse emotions of being either constructive (50.71%) or criticizing (37.68%) in nature. Running different machine learning models, we find that predicting future interactions is low (F1 score of 0.6171), but relatively better than baselines. Furthermore, an analysis of these models show that interactions are positively correlated with a future contribution, with other dimensions (i.e., project, contributor, contribution) having a large effect.

Published
2021

37. Code Reviews with Divergent Review Scores: An Empirical Study of the OpenStack and Qt Communities

Author

Hirao, Toshiki, McIntosh, Shane, Ihara, Akinori, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Code review is a broadly adopted software quality practice where developers critique each others' patches. In addition to providing constructive feedback, reviewers may provide a score to indicate whether the patch should be integrated. Since reviewer opinions may differ, patches can receive both positive and negative scores. If reviews with divergent scores are not carefully resolved, they may contribute to a tense reviewing culture and may slow down integration. In this paper, we study patches with divergent review scores in the OPENSTACK and QT communities. Quantitative analysis indicates that patches with divergent review scores: (1) account for 15%-37% of patches that receive multiple review scores; (2) are integrated more often than they are abandoned; and (3) receive negative scores after positive ones in 70% of cases. Furthermore, a qualitative analysis indicates that patches with strongly divergent scores that: (4) are abandoned more often suffer from external issues (e.g., integration planning, content duplication) than patches with weakly divergent scores and patches without divergent scores; and (5) are integrated often address reviewer concerns indirectly (i.e., without changing patches). Our results suggest that review tooling should integrate with release schedules and detect concurrent development of similar patches to optimize review discussions with divergent scores. Moreover, patch authors should note that even the most divisive patches are often integrated through discussion, integration timing, and careful revision., Comment: 2 pages, 1 table, Journal First, International Conference on Software Engineering 2021

Published
2021
Full Text
View/download PDF

38. Characterizing and Mitigating Self-Admitted Technical Debt in Build Systems

Author

Xiao, Tao, Wang, Dong, McIntosh, Shane, Hata, Hideaki, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Technical Debt is a metaphor used to describe the situation in which long-term software artifact quality is traded for short-term goals in software projects. In recent years, the concept of self-admitted technical debt (SATD) was proposed, which focuses on debt that is intentionally introduced and described by developers. Although prior work has made important observations about admitted technical debt in source code, little is known about SATD in build systems. In this paper, we set out to better understand the characteristics of SATD in build systems. To do so, through a qualitative analysis of 500 SATD comments in the Maven build system of 291 projects, we characterize SATD by location and rationale (reason and purpose). Our results show that limitations in tools and libraries, and complexities of dependency management are the most frequent causes, accounting for 50% and 24% of the comments. We also find that developers often document SATD as issues to be fixed later. As a first step towards the automatic detection of SATD rationale, we train classifiers to detect the two most frequently occurring reasons and the four most frequently occurring purposes of SATD in the content of comments in Maven build systems. The classifier performance is promising, achieving an F1-score of 0.71-0.79. Finally, within 16 identified 'ready-to-be-addressed' SATD instances, the three SATD submitted by pull requests and the five SATD submitted by issue reports were resolved after developers were made aware. Our work presents the first step towards understanding technical debt in build systems and opens up avenues for future work, such as tool support to track and manage SATD backlogs.

Published
2021
Full Text
View/download PDF

39. FLOSS != GitHub: A Case Study of Linux/BSD Perceptions from Microsoft's Acquisition of GitHub

Author

Kula, Raula Gaikovina, Hata, Hideki, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

In 2018, the software industry giants Microsoft made a move into the Open Source world by completing the acquisition of mega Open Source platform, GitHub. This acquisition was not without controversy, as it is well-known that the free software communities includes not only the ability to use software freely, but also the libre nature in Open Source Software. In this study, our aim is to explore these perceptions in FLOSS developers. We conducted a survey that covered traditional FLOSS source Linux, and BSD communities and received 246 developer responses. The results of the survey confirm that the free community did trigger some communities to move away from GitHub and raised discussions into free and open software on the GitHub platform. The study reminds us that although GitHub is influential and trendy, it does not representative all FLOSS communities., Comment: 5 pages

Published
2021

40. Newcomer OSS-Candidates: Characterizing Contributions of Novice Developers to GitHub

Author

Rehman, IFraz, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

The ability of an Open Source Software (OSS) project to attract, onboard, and retain any newcomer is vital to its livelihood. Although, evidence suggests an upsurge in novice developers joining social coding platforms (such as GitHub), the extent to which their activities result in a OSS contribution is unknown. Henceforth, we execute the protocols of a registered report to study activities of a "Newcomer OSS-Candidate", who is a novice developer that is new to that social coding platform, and has the intention to later onboard an OSS project. Using GitHub as a case platform, we analyze 171 identified Newcomer OSS-Candidates to characterize their contribution activities. Results show that Newcomer OSS-Candidates are likely to target software based repositories (i.e., 66%), and their first contributions are mainly associated with development (commits) and maintenance (PRs). Newcomer OSS-Candidates are less likely to practice social coding, but eventually end up onboarding (i.e., 30% quantitative, 70% follow-up survey) an OSS project. Furthermore, they cite finding a way to start as the most challenging barrier to contribute. Our work reveals insights on how newcomers to social coding platforms are potential sources of OSS contributions., Comment: Empirical Software Engineering

Published
2021

41. Automated Identification of On-hold Self-admitted Technical Debt

Author

Maipradit, Rungroj, Lin, Bin, Nagy, Csaba, Bavota, Gabriele, Lanza, Michele, Hata, Hideaki, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Modern software is developed under considerable time pressure, which implies that developers more often than not have to resort to compromises when it comes to code that is well written and code that just does the job. This has led over the past decades to the concept of "technical debt", a short-term hack that potentially generates long-term maintenance problems. Self-admitted technical debt (SATD) is a particular form of technical debt: developers consciously perform the hack but also document it in the code by adding comments as a reminder (or as an admission of guilt). We focus on a specific type of SATD, namely "On-hold" SATD, in which developers document in their comments the need to halt an implementation task due to conditions outside of their scope of work (e.g., an open issue must be closed before a function can be implemented). We present an approach, based on regular expressions and machine learning, which is able to detect issues referenced in code comments, and to automatically classify the detected instances as either "On-hold" (the issue is referenced to indicate the need to wait for its resolution before completing a task), or as "cross-reference", (the issue is referenced to document the code, for example to explain the rationale behind an implementation choice). Our approach also mines the issue tracker of the projects to check if the On-hold SATD instances are "superfluous" and can be removed (i.e., the referenced issue has been closed, but the SATD is still in the code). Our evaluation confirms that our approach can indeed identify relevant instances of On-hold SATD. We illustrate its usefulness by identifying superfluous On-hold SATD instances in open source projects as confirmed by the original developers., Comment: 11 pages, 20th IEEE International Working Conference on Source Code Analysis and Manipulation

Published
2020

42. How are Project-Specific Forums Utilized? A Study of Participation, Content, and Sentiment in the Eclipse Ecosystem

Author

Nugroho, Yusuf Sulistyo, Islam, Syful, Nakasai, Keitaro, Rehman, Ifraz, Hata, Hideaki, Kula, Raula Gaikovina, Nagappan, Meiyappan, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Although many software development projects have moved their developer discussion forums to generic platforms such as Stack Overflow, Eclipse has been steadfast in hosting their self-supported community forums. While recent studies show forums share similarities to generic communication channels, it is unknown how project-specific forums are utilized. In this paper, we analyze 832,058 forum threads and their linkages to four systems with 2,170 connected contributors to understand the participation, content and sentiment. Results show that Seniors are the most active participants to respond bug and non-bug-related threads in the forums (i.e., 66.1% and 45.5%), and sentiment among developers are inconsistent while knowledge sharing within Eclipse. We recommend the users to identify appropriate topics and ask in a positive procedural way when joining forums. For developers, preparing project-specific forums could be an option to bridge the communication between members. Irrespective of the popularity of Stack Overflow, we argue the benefits of using project-specific forum initiatives, such as GitHub Discussions, are needed to cultivate a community and its ecosystem., Comment: 33 pages, 7 figures

Published
2020

43. Predicting Defective Lines Using a Model-Agnostic Technique

Author

Wattanakriengkrai, Supatsara, Thongtanunam, Patanamon, Tantithamthavorn, Chakkrit, Hata, Hideaki, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Defect prediction models are proposed to help a team prioritize source code areas files that need Software QualityAssurance (SQA) based on the likelihood of having defects. However, developers may waste their unnecessary effort on the whole filewhile only a small fraction of its source code lines are defective. Indeed, we find that as little as 1%-3% of lines of a file are defective. Hence, in this work, we propose a novel framework (called LINE-DP) to identify defective lines using a model-agnostic technique, i.e., an Explainable AI technique that provides information why the model makes such a prediction. Broadly speaking, our LINE-DP first builds a file-level defect model using code token features. Then, our LINE-DP uses a state-of-the-art model-agnostic technique (i.e.,LIME) to identify risky tokens, i.e., code tokens that lead the file-level defect model to predict that the file will be defective. Then, the lines that contain risky tokens are predicted as defective lines. Through a case study of 32 releases of nine Java open source systems, our evaluation results show that our LINE-DP achieves an average recall of 0.61, a false alarm rate of 0.47, a top 20%LOC recall of0.27, and an initial false alarm of 16, which are statistically better than six baseline approaches. Our evaluation shows that our LINE-DP requires an average computation time of 10 seconds including model construction and defective line identification time. In addition, we find that 63% of defective lines that can be identified by our LINE-DP are related to common defects (e.g., argument change, condition change). These results suggest that our LINE-DP can effectively identify defective lines that contain common defectswhile requiring a smaller amount of inspection effort and a manageable computation cost.

Published
2020
Full Text
View/download PDF

44. Code-based Vulnerability Detection in Node.js Applications: How far are we?

Author

Chinthanet, Bodin, Ponta, Serena Elisa, Plate, Henrik, Sabetta, Antonino, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security
Abstract

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in both open source and industrial software, we propose and implement a viable code-based vulnerability detection tool for Node.js applications. Our case study lists the challenges encountered while implementing our Node.js vulnerable code detector.

Published
2020

45. Newcomer Candidate: Characterizing Contributions of a Novice Developer to GitHub

Author

Rehman, Ifraz, Wang, Dong, Kula, Raula Gaikovina, Ishio, Takashi, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Context: To attract, onboard, and retain any new-comer in Open Source Software (OSS) projects is vital to their livelihood. Recent studies conclude that OSS projects risk failure due to abandonment and poor participation of newcomers. Evidence suggests more new users are joining GitHub, however, the extent to which they contribute to OSS projects is unknown. Objective: In this study, we coin the term 'newcomer candidate' to describe new users to the GitHub platform. Our objective is to track and characterize their initial contributions. As a preliminary survey, we collected 208 newcomer candidate contributions in GitHub. Using this dataset, we then plan to track their contributions to reveal insights. Method: We will use a mixed-methods approach, i.e., quantitative and qualitative, to identify whether or not newcomer candidates practice social coding, the kinds of their contributions, projects they target, and the proportion that they eventually onboard to an OSS project. Limitation: The key limitation is that our newcomer candidates are restricted to those that were collected from our preliminary survey., Comment: ICSME 2020 Registered Report

Published
2020

46. DevReplay: Automatic Repair with Editable Fix Pattern

Author

Ueda, Yuki, Ishio, Takashi, Ihara, Akinori, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering
Abstract

Static analysis tools, or linters, detect violation of source code conventions to maintain project readability. Those tools automatically fix specific violations while developers edit the source code. However, existing tools are designed for the general conventions of programming languages. These tools do not check the project/API-specific conventions. We propose a novel static analysis tool DevReplay that generates code change patterns by mining the code change history, and we recommend changes using the matched patterns. Using DevReplay, developers can automatically detect and fix project/API-specific problems in the code editor and code review. Also, we evaluate the accuracy of DevReplay using automatic program repair tool benchmarks and real software. We found that DevReplay resolves more bugs than state-of-the-art APR tools. Finally, we submitted patches to the most popular open-source projects that are implemented by different languages, and project reviewers accepted 80% (8 of 10) patches. DevReplay is available on https://devreplay.github.io.

Published
2020

47. GitHub Repositories with Links to Academic Papers: Public Access, Traceability, and Evolution

Author

Wattanakriengkrai, Supatsara, Chinthanet, Bodin, Hata, Hideaki, Kula, Raula Gaikovina, Treude, Christoph, Guo, Jin, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, Computer Science - Digital Libraries
Abstract

Traceability between published scientific breakthroughs and their implementation is essential, especially in the case of open-source scientific software which implements bleeding-edge science in its code. However, aligning the link between GitHub repositories and academic papers can prove difficult, and the current practice of establishing and maintaining such links remains unknown. This paper investigates the role of academic paper references contained in these repositories. We conduct a large-scale study of 20 thousand GitHub repositories that make references to academic papers. We use a mixed-methods approach to identify public access, traceability and evolutionary aspects of the links. Although referencing a paper is not typical, we find that a vast majority of referenced academic papers are public access. These repositories tend to be affiliated with academic communities. More than half of the papers do not link back to any repository. We find that academic papers from top-tier SE venues are not likely to reference a repository, but when they do, they usually link to a GitHub software repository. In a network of arXiv papers and referenced repositories, we find that the most referenced papers are (i) highly-cited in academia and (ii) are referenced by repositories written in different programming languages., Comment: 28 pages

Published
2020

48. A Simulation Study of Bandit Algorithms to Address External Validity of Software Fault Prediction

Author

Hayakawa, Teruki, Tsunoda, Masateru, Toda, Koji, Nakasai, Keitaro, and Matsumoto, Kenichi

Subjects
Computer Science - Software Engineering, Computer Science - Machine Learning
Abstract

Various software fault prediction models and techniques for building algorithms have been proposed. Many studies have compared and evaluated them to identify the most effective ones. However, in most cases, such models and techniques do not have the best performance on every dataset. This is because there is diversity of software development datasets, and therefore, there is a risk that the selected model or technique shows bad performance on a certain dataset. To avoid selecting a low accuracy model, we apply bandit algorithms to predict faults. Consider a case where player has 100 coins to bet on several slot machines. Ordinary usage of software fault prediction is analogous to the player betting all 100 coins in one slot machine. In contrast, bandit algorithms bet one coin on each machine (i.e., use prediction models) step-by-step to seek the best machine. In the experiment, we developed an artificial dataset that includes 100 modules, 15 of which include faults. Then, we developed various artificial fault prediction models and selected them dynamically using bandit algorithms. The Thomson sampling algorithm showed the best or second-best prediction performance compared with using only one prediction model., Comment: 5 pages

Published
2020

49. Influence of Percutaneous Transhepatic Gallbladder Aspiration and Drainage for Severe Acute Cholecystitis on the Surgical Outcomes of Subsequent Laparoscopic Cholecystectomy: Post Hoc Analysis of the CSGO-HBP-017 (CSGO-HBP-017C)

Author

Toya, Keisuke, Tomimaru, Yoshito, Fukuchi, Nariaki, Yokoyama, Shigekazu, Mori, Takuji, Tanemura, Masahiro, Sakai, Kenji, Takeda, Yutaka, Tsujie, Masanori, Yamada, Terumasa, Miyamoto, Atsushi, Hashimoto, Yasuji, Hatano, Hisanori, Shimizu, Junzo, Sugimoto, Keishi, Kashiwazaki, Masaki, Matsumoto, Kenichi, Kobayashi, Shogo, Doki, Yuichiro, and Eguchi, Hidetoshi

Published
2024
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results