Vikrant Kaulgud

Software Clustering: Unifying Syntactic and Semantic Features

Software clustering is an important technique for extracting high level component architecture from the underlying source code. One of the limitations of the existing approaches is that most of the proposed techniques use only similar types of features for estimating distance between source code elements. Therefore, in cases, where the selected features are poorly present in the source code, these techniques may not produce good quality results in absence of adequate inputs to work on. In this paper we propose an approach to overcome this limitation. Proposed approach uses a combination of multiple types of features together and applies automated weighing on the extracted features to enhance their information quality and to reduce noise. We define a way to estimate distance between code elements in terms of combination of multiple types of features. Weighted graph partitioning with a multi-objective global modularity criterion is used to select the clusters as architectural components. We describe methods for automated labeling of the extracted components and for generating inter-component interactions. We further discuss how the suggested approach extends to clustering at multiple hierarchical levels, to application portfolios, and even for improving precision for the feature location problem.

A social network based study of software team dynamics

Members of software project teams have specific roles and responsibilities which are formally defined during project inception or at the start of a life cycle activity. Often, the team structure undergoes spontaneous changes as delivery deadlines draw near and critical tasks have to be completed. Some members -- depending on their skill or seniority -- need to take on more responsibilities, while others end up being peripheral to the projects execution. We posit that this kind of ad hoc reorganization of a teams structure can be discerned from the projects bug tracker. In this paper, we extract a social network from the bug log of a real life software system and apply ideas from social network analysis to understand how the positions of individual team members in the network relate to their organizational seniority, project roles, and geographic locations that define the formal team structure. In addition to providing insights on individual team members for the system studied, our approach can serve as a framework for analyzing team dynamics of software projects.

Studying team evolution during software testing

Software development teams are one of the most dynamic entities of any software development project. While the individuals are assigned planned roles at the start of any project, during the course of the project, the team constitution, structure, relationships and roles change. Such changes are often spontaneous and constitute the evolution of the team along different phases of the software development lifecycle. As software development is a team effort, these dynamics may have a significant effect on the development lifecycle itself. This work is aimed at studying the evolution of project teams and gathering insights that can be correlated with project health and outcomes. In this study we apply social network analysis techniques to investigate team evolution in a project in its testing phase. While the questions and insights that we investigate in this paper are valid and useful for all phases of the software development lifecycle, we have focused on software testing phase as it one of the most critical phases in the lifecycle. Our work aims to provide insights in the changes in team interactions and individual roles as the testing process continues and can help find if the same is aligned to the planned and desired project behavior.

Insights into component testing process

Effective component testing (or commonly termed as Unit Testing) is important to control defect slippage into the testing stage. Often testing teams lack in-process visibility into the effectiveness of ongoing component testing. Using project data such as code coverage and schedule and effort estimates, we generate temporal and rate-based insights into component testing effectiveness. A simple composite metric is used for measuring and forecasting the health of the component testing process. The early warning signals, based on the forecast and associated insights, lead teams to take proactive actions for improving component testing. In our ongoing experimental studies, we have observed that use of these insights cause a substantial reduction in defect slippage.

A XaaS Savvy Automated Approach to Composite Applications

Applications have evolved significantly over time - from monolithic and self contained, to numerous plug gable apps available on various platforms these days. Modern applications their functionality as services in varying level of granularity and domains. This paradigm of Everything as a Service (XaaS), provides a dynamic environment wherein multiple smaller applications can be rapidly composed to create complex applications. Such composite applications would allow for efficient re-use of the existing applications and their services, instead of more traditional model of building everything from scratch. The intent of this paper is to demonstrate our initial work to implement an end-to-end delivery system in an enterprise scenario. We propose an automated algorithm to utilize a composers input to match available services and create a composite plan or a manifest which is then used to quickly orchestrate the composite application in real-time. We have implemented our approach on our internal enterprise cloud using Puppet.

Building Enterprise-Grade Internet of Things Applications.

The last few years have seen two key trends maturing in the industry: IoT and Big Data. These trends build on more than a decade of research in both academia and industry. As the cost of instrumentation and microprocessor chips has declined, it is now possible to monitor the environment on a widening scale. The cost decline is matched by cloud computing (exposed as web services) that provides infrastructure for storage and processing. Furthermore, on top of cloud, advances in big data tools/techniques provide a platform to analyze and understand the massive amount of data. But data generated from IoT is expected not only to be Big (volume) but also Fast (velocity). Data analysis and machine learning will play a key role in unlocking the value generated by IoT data. The Internet of Things (IoT) can be thought of in terms of connecting and combining the above mentioned elements. Combination of all these elements at various levels (e.g., physical objects, cloud service, mobile with rich user interfaces, analytics) will allow access and analysis of an enormous amount of fast data, which could be used to improve efficiency and performance of the whole enterprise. Moreover, it opens the possibilities of developing IoT applications in novel scenarios such as smart metering, smart electric car recharge stations, retail & logistics, and so on. An important challenge that needs to be addressed is to enable the rapid development of IoT applications. Similar challenges have already been addressed in the closely related fields of Wireless Sensor and Actuator Networks (WSANs) and Pervasive/Ubiquitous computing. While the main challenge in the former is largely limited to similar nodes, the primary concern in the latter largely has been the heterogeneity of physical objects. The upcoming field of IoT will include both WSANs as well as heterogeneous physical objects, in addition to this it brings heterogeneity at various levels (e.g., physical objects, cloud services, smart phones with rich user interfaces, analytics). Therefore, Software Engineering (SE) support for IoT applications is needed to develop methodologies, abstractions, and techniques. Nevertheless, so far this topic has received very little attention by SE community.

Adoption and use of new metrics in a large organization: A case study

The success of a software development project is linked to the ability of the project team to deliver high quality artifacts within the budget and on schedule. Thus, a holistic and in-process view of various software metrics that help characterize the current health and future trajectory of the project is crucial. However, these metrics need to be at the right level of granularity and be derived objectively from the project environment to be effective and useful. While the metric literature is rich with proposals of specific metrics and their formulation, there are very few studies which discuss how organizations respond to introduction of such metrics and how they are used and adopted. In this paper, we present such a study on a set of metrics embodied by a framework called PIVoT. This study aims at evaluating the impact of PIVoT, a tool for in-process and non-invasive monitoring of project health, and performing a fine-grained analysis of the adoption of metrics and insights this tool embodies. Here, we present and discuss the results of this survey which are based on feedback from 9 project groups. The results indicate that projects leveraged PIVoT and its metrics well and it aided them to take specific actions that helped their projects. Along with identifying the composite metrics which the project teams find most actionable and insightful, the survey shows that in most cases PIVoT helped them showcase their project to upper management.

CDI: Cost of development index

Managing costs and yet delivering high quality is an essential balancing act in software development projects. Usually, cost management is perceived as a process concern, leading to a disjoint view of team costs and delivered quality. We have proposed a new metric, CDI, that integrates the cost parameter with the quality of the code, to provide managers in a coherent understanding of the trade-off between cost management and quality. The metric is integrated in to an automated tool, making it easy for project teams to adopt the metric in real-life large projects.

Natural language requirements quality analysis based on business domain models

Quality of requirements written in natural language has always been a critical concern in software engineering. Poorly written requirements lead to ambiguity and false interpretation in different phases of a software delivery project. Further, incomplete requirements lead to partial implementation of the desired system behavior. In this paper, we present a model for harvesting domain (functional or business) knowledge. Subsequently we present natural language processing and ontology based techniques for leveraging the model to analyze requirements quality and for requirements comprehension. The prototype also provides an advisory to business analysts so that the requirements can be aligned to the expected domain standard. The prototype developed is currently being used in practice, and the initial results are very encouraging.

Detecting SOQL-injection vulnerabilities in SalesForce applications

The two most common web-attacks used by hackers to steal data are SQL-injection and cross-site scripting (XSS). These are examples of taint vulnerabilities where maliciously crafted code (for example, a SQL query) is injected into a Web application by embedding it inside innocuous looking user inputs. We present the design of TRAP (Taint Removal and Analysis Platform), a static data-flow analysis tool to detect SOQL-injection problems in SalesForce applications. TRAP is designed to be language independent as it uses an XML intermediate language called STAC (STatic Analysis Code), on which the analysis is done. Currently, we have implemented STAC compilers for Apex and Java.