检索结果-内蒙古大学图书馆

How do annotations affect java code readability?

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Guerra, Eduardo Gomes, Everaldo Ferreira, Jeferson Wiese, Igor Lima, Phyllipe Gerosa, Marco Meirelles, Paulo Free University of Bozen-Bolzano Italy University of São Paulo Brazil SONDA Brazil Federal Technological University of Paraná Brazil Federal University of Itajubá Brazil Northern Arizona University United States

Context: Code annotations have gained widespread popularity in programming languages, offering developers the ability to attach metadata to code elements to define custom behaviors. Many modern frameworks and APIs use annotations to keep integration less verbose and located nearer to the corresponding code element. Despite these advantages, practitioners' anecdotal evidence suggests that annotations might negatively affect code readability. Objective: To better understand this effect, this paper systematically investigates the relationship between code annotations and code readability. Method: In a survey with software developers (n=332), we present 15 pairs of java code snippets with and without code annotations. These pairs were designed considering five categories of annotation used in real-world java frameworks and APIs. Survey participants selected the code snippet they considered more readable for each pair and answered an open question about how annotations affect the code's readability. Results: Preferences were scattered for all categories of annotation usage, revealing no consensus among participants. The answers were spread even when segregated by participants' programming or annotation-related experience. Nevertheless, some participants showed a consistent preference in favor or against annotations across all categories, which may indicate a personal preference. Our qualitative analysis of the open-ended questions revealed that participants often praise annotation impacts on design, maintainability, and productivity but expressed contrasting views on understandability and code clarity. Conclusions: Software developers and API designers can consider our results when deciding whether to use annotations, equipped with the insight that developers express contrasting views of the annotations' impact on code readability. Copyright © 2024, The Authors. All rights reserved.

关键词： java programming language

Less Is More: A Mixed-Methods Study on Security-Sensitive API Calls in java for Better Dependency Selection

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Rahman, Imranur Paramitha, Ranindya Plate, Henrik Wermke, Dominik Williams, Laurie North Carolina State University United States Università degli Studi di Trento Italy Endor Labs

[Background:] Security-sensitive APIs provide access to security-sensitive resources, e.g., the filesystem or network resources. Including such API calls—directly or through dependencies—increases the application’s attack surface. An example of such a phenomenon is Log4Shell, which rendered many applications vulnerable due to network-related capabilities (JNDI lookup) in log4j package. Before the Log4Shell incident, alternate logging libraries to log4j were available that do not make JNDI lookup calls. [Problem:] The impact of such an incident would be minimal if information about network-related API calls by logging libraries were available to the developers. And so the lack of visibility into the calls to these security-sensitive APIs by functionally similar open-source packages makes it difficult for developers to use them as a dependency selection criterion. [Goal:] The goal of this study is to aid developers in selecting their dependency by understanding security-sensitive APIs in their dependency through call graph analysis. [Methodology:] We conducted a mixed-methods study with 45 java packages and defined a list of 219 security-sensitive APIs. We categorized these 219 APIs into 3 themes and 15 categories. We then used call graph analysis to analyze the prevalence of these APIs in our selected package versions, with and without their dependencies. Finally, we conducted a survey with open-source developers (110 respondents) showing the comparison of functionally similar packages w.r.t. security-sensitive API calls to understand the usefulness of this API information in the dependency selection process. [Result:] The number of security-sensitive API calls of functionally similar packages can vary from 0 to 368 in one API category and 0 to 429 in total. Our survey results show that 73% developers agree that information about the number and type of security-sensitive API calls of functionally similar packages would have been useful in their dependency selection.

关键词： java programming language

An LLM-based Readability Measurement for Unit Tests’ Context-aware Inputs

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Zhou, Zhichao Tang, Yutian Lin, Yun He, Jingzhu School of Information Science and Technology ShanghaiTech University China The Shanghai Jiao Tong University China University of Glasgow United Kingdom

Automated test techniques usually generate unit tests with higher code coverage than manual tests. However, the readability of automated tests is crucial for code comprehension and maintenance. The readability of unit tests involves many aspects. In this paper, we focus on test inputs. The central limitation of existing studies on input readability is that they focus on test codes alone without taking the tested source codes into consideration, making them either ignore different source codes’ different readability requirements or require manual efforts to write readable inputs. However, we observe that the source codes specify the contexts that test inputs must satisfy. Based on such observation, we introduce the Context Consistency Criterion (a.k.a, C3), which is a readability measurement tool that leverages Large language Models to extract primitive-type (including string-type) parameters’ readability contexts from the source codes and checks whether test inputs are consistent with those contexts. We have also proposed EvoSuiteC3. It leverages C3’s extracted contexts to help EvoSuite generate readable test inputs. We have evaluated C3’s performance on 409 java classes and compared manual and automated tests’ readability under C3 measurement. The results are two-fold. First, The Precision, Recall, and F1-Score of C3’s mined readability contexts are 84.4%, 83%, and 83.7%, respectively. Second, under C3’s measurement, the string-type input readability scores of EvoSuiteC3, ChatUniTest (an LLM-based test generation tool), manual tests, and two traditional tools (EvoSuite and Randoop) are 90%, 83%, 68%, 8%, and 8%, showing the traditional tools’ inability in generating readable string-type inputs. We have conducted a survey based on the questionnaires collected from 30 programmers with varied backgrounds. The results reveal that when C3 identifies readable differences between tests, programmers tend to give similar opinions of the test’s readability of C3. © 2024, CC

关键词： java programming language

Multi-Scale Molecular Dynamics Simulations

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Boussinot, Frédéric

In molecular dynamics (MD), systems are molecules made up of atoms, and the aim is to determine their evolution over time. MD is based on a numerical resolution algorithm, whose role is to apply the forces generated by the various components, according to the equations of Newtonian physics. Molecular Dynamics is currently mainly used in materials science and molecular biology. In this document, we limit ourselves to alkanes which are non-cyclic carbon-hydrogenated chains. In the basic "All-atom" (AA) scale, all the atoms are directly simulated. In the "United-atom" (UA) scale, one considers grains that are composed of a carbon atom with the hydrogen atoms attached to it. Grains in the "Coarse-grained" (CG) scale are composed of two consecutive UA grains. In the multi-scale approach, one tries to use as much as possible the UA and CG scales which can be more efficiently simulated than the AA scale. In this document, we mainly put the focus on three topics. First, we describe an MD system, implemented in the java programming language, according to the Synchronous Reactive programming approach in which there exists a notion of a global logical time. This system is used to simulate molecules and also to build the potentials functions at the UA and CG scales. Second, two methods to derive UA and CG potentials from AA potentials are proposed and analysed. Basically, both methods rely on strong geometrical links with the AA scale. We use these links with AA to determine the forms and values of the UA and CG potentials. In the first method (called "inverse-Boltzmann"), one considers data produced during several AA scale molecule simulations, and one processes these data using a statistical approach. In the second method ("minimisation method"), one applies a constrained-minimisation technique to AA molecules. The most satisfactory method clearly appears to be the minimisation-based one. The UA potentials we have determined have standard forms: they only differ from AA poten

关键词： java programming language

Breaking-Good: Explaining Breaking Dependency Updates with Build Analysis

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Reyes, Frank Baudry, Benoit Monperrus, Martin Université de Montréal Montréal Canada KTH Royal Institute of Technology Stockholm Sweden

Dependency updates often cause compilation errors when new dependency versions introduce changes that are incompatible with existing client code. Fixing breaking dependency updates is notoriously hard, as their root cause can be hidden deep in the dependency tree. We present Breaking-Good, a tool that automatically generates explanations for breaking updates. Breaking-Good provides a detailed categorization of compilation errors, identifying several factors related to changes in direct and indirect dependencies, incompatibilities between java versions, and client-specific configuration. With a blended analysis of log and dependency trees, Breaking-Good generates detailed explanations for each breaking update. These explanations help developers understand the causes of the breaking update, and suggest possible actions to fix the breakage. We evaluate Breaking-Good on 243 real-world breaking dependency updates. Our results indicate that Breaking-Good accurately identifies root causes and generates automatic explanations for 70% of these breaking updates. Our user study demonstrates that the generated explanations help developers. Breaking-Good is the first technique that automatically identifies the causes of a breaking dependency update and explains the breakage accordingly. Copyright © 2024, The Authors. All rights reserved.

关键词： java programming language

Compilation of Commit Changes within java Source Code Repositories

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Schott, Stefan Fischer, Wolfram Ponta, Serena Elisa Klauke, Jonas Bodden, Eric Paderborn University Paderborn Germany SAP Security Research Mougins France Paderborn University Fraunhofer IEM Paderborn Germany

java applications include third-party dependencies as bytecode. To keep these applications secure, researchers have proposed tools to re-identify dependencies that contain known vulnerabilities. Yet, to allow such re-identification, one must obtain, for each vulnerability patch, the bytecode fixing the respective vulnerability at first. Such patches for dependencies are curated in databases in the form of fix-commits. But fix-commits are in source code, and automatically compiling whole java projects to bytecode is notoriously hard, particularly for non-current versions of the code. In this paper, we thus propose JESS, an approach that largely avoids this problem by compiling solely the relevant code that was modified within a given commit. JESS reduces the code, retaining only those parts that the committed change references. To avoid name-resolution errors, JESS automatically infers stubs for references to entities that are unavailable to the compiler. A challenge is here that, to facilitate the above mentioned re-identification, JESS must seek to produce bytecode that is almost identical to the bytecode which one would obtain by a successful compilation of the full project. An evaluation on 347 GitHub projects shows that JESS is able to compile, in isolation, 72% of methods and constructors, of which 89% have bytecode equal to the original one. Furthermore, on the Project KB database of fix-commits, in which only 8% of files modified within the commits can be compiled with the provided build scripts, JESS is able to compile 73% of all files that these commits modify. © 2024, CC BY.

关键词： java programming language

Open Source Prover in the Attic

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Kovacs, Zoltan Vujic, Alexander The Private University College of Education of the Diocese of Linz Austria

The well known JGEX program became open source a few years ago, but seemingly, further development of the program can only be done without the original authors. In our project, we are looking at whether it is possible to continue such a large project as a newcomer without the involvement of the original authors. Is there a way to internationalize, fix bugs, improve the code base, add new features? In other words, to save a relic found in the attic and polish it into a useful everyday tool. © 2024, CC BY.

关键词： java programming language

Wandercode: An Interaction Design for Code Recommenders to Reduce Information Overload, Ease Exploration, and Save Screen Space

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Henley, Austin Z. Shepherd, David Fleming, Scott D. Carnegie Mellon University United States Louisiana State University United States University of Memphis United States

In this paper, we present Wandercode, a novel interaction design for recommender systems that recommend code locations to aid programmers in software development tasks. In particular, our design aims to improve upon prior designs by reducing information overload, by better supporting the exploration of recommendations, and by making more efficient use of screen space. During our design process, we developed a set of design dimensions to aid others in the design of code recommenders. To validate our design, we implemented a prototype of our design as an Atom code editor extension with support for the java programming language, and conducted an empirical user evaluation comparing our graph-based Wandercode design to a control design representative of prior list-based interaction designs for code recommenders. The results showed that, compared with the control design, Wandercode helped participants complete tasks more quickly, reduced their cognitive load, and was viewed more favorably by participants. © 2024, CC BY.

关键词： java programming language

SWE-bench-java: A GitHub Issue Resolving Benchmark for java

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Zan, Daoguang Huang, Zhirong Yu, Ailun Lin, Shaoxin Shi, Yifan Liu, Wei Chen, Dong Qi, Zongshuai Yu, Hao Yu, Lei Ran, Dezhi Zeng, Muhan Shen, Bo Bian, Pan Liang, Guangtai Guan, Bei Huang, Pengjie Xie, Tao Wang, Yongji Wang, Qianxiang Chinese Academy of Science China Peking University China Huawei Co. Ltd. China Lingzhi-Zhiguang Co. Ltd China

GitHub issue resolving is a critical task in software engineering, recently gaining significant attention in both industry and academia. Within this task, SWE-bench [1] has been released to evaluate issue resolving capabilities of large language models (LLMs), but has so far only focused on Python version. However, supporting more programming languages is also important, as there is a strong demand in industry. As a first step toward multilingual support, we have developed a java version of SWE-bench, called SWE-bench-java-verified. We have publicly released the dataset, along with the corresponding Docker-based evaluation environment and leaderboard, which will be continuously maintained and updated in the coming months. To verify the reliability of SWE-bench-java-verified, we implement a classic method SWE-agent [2] and test several powerful LLMs on it. As is well known, developing a high-quality multi-lingual benchmark is time-consuming and labor-intensive, so we welcome contributions through pull requests or collaboration to accelerate its iteration and refinement, paving the way for fully automated programming. © 2024, CC BY.

关键词： java programming language