Akito Monden

Software quality analysis by code clones in industrial legacy software

Existing research suggests that the code clone (duplicated code) is one of the factors that degrades the design and the structure of software and lowers the software quality such as readability and changeability. However, the influence of code clones on software quality has not been quantitatively clarified yet. We have tried to quantitatively clarify the relation between code clones and the software reliability and maintainability of twenty year old software. As a result, we found that modules having code clones (clone-included modules) are more reliable than modules having no code clone (non-clone modules) on average. Nevertheless, the modules having very large code clones (more than 200 SLOC) are less reliable than non-clone modules. We also found that clone-included modules are less maintainable (having greater revision number on average) than non-clone modules; and, modules having larger code clone are less maintainable than modules having smaller code clone.

A practical method for watermarking Java programs

Java programs distributed through the Internet are now suffering from program theft. This is because Java programs can be easily decomposed into reusable class files and even decompiled into source code by program users. We propose a practical method that discourages program theft by embedding Java programs with a digital watermark. Embedding a program developers copyright notation as a watermark in Java class files will ensure the legal ownership of class files. Our embedding method is indiscernible by program users, yet enables us to identify an illegal program that contains stolen class files. The result of the experiment to evaluate our method showed most of the watermarks (20 out of 23) embedded in class files survived two kinds of attacks that attempt to erase watermarks: an obfuscactor attack, and a decompile-recompile attack.

Revisiting common bug prediction findings using effort-aware models

Bug prediction models are often used to help allocate software quality assurance efforts (e.g. testing and code reviews). Mende and Koschke have recently proposed bug prediction models that are effort-aware. These models factor in the effort needed to review or test code when evaluating the effectiveness of prediction models, leading to more realistic performance evaluations. In this paper, we revisit two common findings in the bug prediction literature: 1) Process metrics (e.g., change history) outperform product metrics (e.g., LOC), 2) Package-level predictions outperform file-level predictions. Through a case study on three projects from the Eclipse Foundation, we find that the first finding holds when effort is considered, while the second finding does not hold. These findings validate the practical significance of prior findings in the bug prediction literature and encourage their adoption in practice.

Exploiting self-modification mechanism for program protection

In this paper, we present a new method to protect software against illegal acts of hacking. The key idea is to add a mechanism of self-modifying codes to the original program, so that the original program becomes hard to be analyzed. In the binary program obtained by the proposed method, the original code fragments we want to protect are camouflaged by dummy instructions. Then, the binary program autonomously restores the original code fragments within a certain period of execution, by replacing the dummy instructions with the original ones. Since the dummy instructions are completely different from the original ones, code hacking fails if the dummy instructions are read as they are. Moreover, the dummy instructions are scattered over the program, therefore, they are hard to be identified. As a result, the proposed method helps to construct highly invulnerable software without special hardware.

The Effects of Over and Under Sampling on Fault-prone Module Detection

The goal of this paper is to improve the prediction performance of fault-prone module prediction models (fault-proneness models) by employing over/under sampling methods, which are preprocessing procedures for a fit dataset. The sampling methods are expected to improve prediction performance when the fit dataset is unbalanced, i.e. there exists a large difference between the number of fault-prone modules and not-fault-prone modules. So far, there has been no research reporting the effects of applying sampling methods to fault-proneness models. In this paper, we experimentally evaluated the effects of four sampling methods (random over sampling, synthetic minority over sampling, random under sampling and one-sided selection) applied to four fault-proneness models (linear discriminant analysis, logistic regression analysis, neural network and classification tree) by using two module sets of industry legacy software. All four sampling methods improved the prediction performance of the linear and logistic models, while neural network and classification tree models did not benefit from the sampling methods. The improvements of Fl-values in linear and logistic models were 0.078 at minimum, 0.224 at maximum and 0.121 at the mean.

An analysis of developer metrics for fault prediction

Background: Software product metrics have been widely used as independent variables for constructing a fault prediction model. However, fault injection depends not only on characteristics of the products themselves, but also on characteristics of developers involved in the project. Aims: The goal of this paper is to study the effects of developer features on software reliability. Method: This paper proposes developer metrics such as the number of code churns made by each developer, the number of commitments made by each developer and the number of developers for each module. By using the eclipse project dataset, we experimentally analyzed the relationship between the number of faults and developer metrics. Second, the effective of developer metrics for performance improvements of fault prediction models were evaluated. Results: The result revealed that the modules touched by more developer contained more faults. Compared with conventional fault prediction models, developer metrics improved the prediction performance. Conclusions: We conclude that developer metrics are good predictor of faults and we must consider the human factors for improving the software reliability.

Java Birthmarks —Detecting the Software Theft—

To detect the theft of Java class files efficiently, we propose a concept of Java birthmarks, which are unique and native characteristics of every class file. For a pair of class files p and q, if q has the same birthmark as ps, q is suspected as a copy of p. Ideally, the birthmarks should satisfy the following properties: (a) preservation -- the birthmarks should be preserved even if the original class file is tampered with, and (b) distinction -- independent class files must be distinguished by completely different birthmarks. Taking (a) and (b) into account, we propose four types of birthmarks for Java class files. To show the effectiveness of the proposed birthmarks, we conduct three experiments. In the first experiment, we demonstrate that the proposed birthmarks are sufficiently robust against automatic program transformation (93.3876% of the birthmarks were preserved). The second experiment shows that the proposed birthmarks successfully distinguish non-copied files in a practical Java application (97.8005% of given class files were distinguished). In the third experiment, we exploit different Java compilers to confirm that the proposed Java birthmarks are core characteristics independent of compiler-specific issues.

A recommendation system for software function discovery

Since some application software provides users with too many functions, it is often difficult to find those that are useful. This paper proposes a recommendation system based on a collaborative filtering approach to let users discover useful functions at low cost for the purpose of improving productivity when using application software. The proposed system automatically collects histories of software function execution (usage histories) from many users through the Internet. Based on the collaborative filtering approach, collected histories are used for recommending a set of candidate functions that may be useful to the individual user. This paper illustrates conventional filtering algorithms and proposes a new algorithm suitable for recommendation of software functions. The result of an experiment with a prototype recommendation system showed that the average ndpm of our algorithm was smaller than that of conventional algorithms, and it also showed that the standard deviation of ndpm of our algorithm was smaller than that of conventional algorithms. Furthermore, while every conventional algorithm had a case whose recommendation was worse than the random algorithm, our algorithm did not.

Button selection for general GUIs using eye and hand together

This paper proposes an efficient technique for eye gaze interface suitable for the general GUI environments such as Microsoft Windows. Our technique uses an eye and a hand together: the eye for moving cursors onto the GUI button (move operation), and the hand for pushing the GUI button (push operation). We also propose the following two techniques to assist the move operation: (1) Automatic adjustment and (2) Manual adjustment. In the automatic adjustment, the cursor automatically moves to the closest GUI button when we push a mouse button. In the manual adjustment, we can move the cursor roughly by an eye, then move it a little more by the mouse onto the GUI button. In the experiment to evaluate our method, GUI button selection by manual adjustment showed better performance than the selection by a mouse even in the situation that has many small GUI buttons placed very closely each other on the GUI.

Defect Data Analysis Based on Extended Association Rule Mining

This paper describes an empirical study to reveal rules associated with defect correction effort. We defined defect correction effort as a quantitative (ratio scale) variable, and extended conventional (nominal scale based) association rule mining to directly handle such quantitative variables. An extended rule describes the statistical characteristic of a ratio or interval scale variable in the consequent part of the rule by its mean value and standard deviation so that conditions producing distinctive statistics can be discovered As an analysis target, we collected various attributes of about 1,200 defects found in a typical medium-scale, multi-vendor (distance development) information system development project in Japan. Our findings based on extracted rules include: (l)Defects detected in coding/unit testing were easily corrected (less than 7% of mean effort) when they are related to data output or validation of input data. (2)Nevertheless, they sometimes required much more effort (lift of standard deviation was 5.845) in case of low reproducibility, (i)Defects introduced in coding/unit testing often required large correction effort (mean was 12.596 staff-hours and standard deviation was 25.716) when they were related to data handing. From these findings, we confirmed that we need to pay attention to types of defects having large mean effort as well as those having large standard deviation of effort since such defects sometimes cause excess effort.