Modern Code Reviews—Survey of Literature and Practice

ACM Transactions on Software Engineering and Methodology, Год журнала: 2023, Номер 32(4), С. 1 - 61

Опубликована: Фев. 24, 2023

Background: Modern Code Review (MCR) is a lightweight alternative to traditional code inspections. While secondary studies on MCR exist, it unknown whether the research community has targeted themes that practitioners consider important. Objectives: The objectives are provide an overview of research, analyze practitioners' opinions importance investigate alignment between and practice, propose future avenues. Method: We conducted systematic mapping study survey state art until including 2021, employed Q-Methodology perception relevance analyzed primary studies' impact. Results: 244 studies, resulting in five themes. As result 1,300 data points, we found respondents positive about investigating impact product quality process properties. In contrast, they negative human factor- support systems-related research. Conclusion: These results indicate misalignment deemed important by most respondents. Researchers should focus solutions can improve practice. agenda potentially increase

Язык: Английский

---

An empirical study on self-admitted technical debt in modern code review

Information and Software Technology, Год журнала: 2022, Номер 146, С. 106855 - 106855

Опубликована: Фев. 5, 2022

Язык: Английский

---

What makes a code review useful to OpenDev developers? An empirical investigation

Empirical Software Engineering, Год журнала: 2023, Номер 29(1)

Опубликована: Ноя. 22, 2023

Язык: Английский

---

Towards understanding code review practices for infrastructure-as-code: An empirical study on OpenStack projects

Empirical Software Engineering, Год журнала: 2025, Номер 30(3)

Опубликована: Апрель 26, 2025

Язык: Английский

---

Symptoms of Architecture Erosion in Code Reviews: A Study of Two OpenStack Projects

Опубликована: Март 1, 2022

The phenomenon of architecture erosion can negatively impact the maintenance and evolution software systems, manifest in a variety symptoms during development. While is often considered rather late, its act as early warnings to developers, if detected time. In addition static source code analysis, reviews be detecting subsequently taking action. this study, we investigate discussed reviews, well their trends, actions taken by developers. Specifically, conducted an empirical study with two most active Open Source Software (OSS) projects OpenStack community (i.e., Nova Neutron). We manually checked 21,274 review comments retrieved keyword search random selection, identified 502 (from 472 discussion threads) that discuss erosion. Our findings show (1) proportion low, yet notable frequently are architectural violation, duplicate functionality, cyclic dependency; (2) declining trend OSS indicates tends stabilize over time; (3) identify have positive on removing symptoms, but few still remain ignored results suggest provides practical way reduce symptoms; analyzing help get insight about status avoid potential risk

Язык: Английский

---

Code smells detection via modern code review: a study of the OpenStack and Qt communities

Empirical Software Engineering, Год журнала: 2022, Номер 27(6)

Опубликована: Июль 4, 2022

Язык: Английский

---

Automating Method Naming with Context-Aware Prompt-Tuning

Опубликована: Май 1, 2023

Method names are crucial to program comprehension and maintenance. Recently, many approaches have been proposed automatically recommend method detect inconsistent names. Despite promising, their results still suboptimal considering the three following drawbacks: 1) These models mostly trained from scratch, learning two different objectives simultaneously. The misalignment between will negatively affect training efficiency model performance. 2) enclosing class context is not fully exploited, making it difficult learn abstract functionality of method. 3) Current name consistency checking methods follow a generate-then-compare process, which restricts accuracy as they highly rely on quality generated face difficulty measuring semantic consistency.In this paper, we propose an approach named AUMENA AUtomate MEthod NAming tasks with context-aware prompt-tuning. Unlike existing deep based approaches, our first learns contextualized representation(i.e., attributes) programming language natural through pre-training model, then exploits capacity knowledge large prompt-tuning precisely more accurate To better identify semantically consistent names, task two-class classification problem, avoiding limitation previous approaches. Experiment reflect that scores 68.6%, 72.0%, 73.6%, 84.7% four datasets recommendation, surpassing state-of-the-art baseline by 8.5%, 18.4%, 11.0%, 12.0%, respectively. And 80.8% checking, reaching 5.5% outperformance. All data publicly available.

Язык: Английский

---

Revisiting Technical Debt Types and Indicators for Software Systems

Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, Год журнала: 2024, Номер unknown, С. 834 - 841

Опубликована: Апрель 8, 2024

Technical Debt (TD) 1 term in software systems was introduced over two decades ago and remains a critical concern development. It has the potential to evolve into liability that necessitates refactoring or rewriting code time. Regardless of its significance, there exists notable gap literature concerning comprehensive list technical debt indicators. The purpose this study is re-evaluate existing TD categorization extend indicators offer complete validated Type Indicator list. In study, we adopted qualitative research approach used mapping expert opinion techniques as approach. number extracted from formal 60 which extended 92 by reviewing gray literature. This then subjected review, with their feedback, grew an additional 21%. Consequently, present 10 distinct types, accompanied 120 would aid identification, resolution minimizing risks costs associated

Язык: Английский

---

Toward effective secure code reviews: an empirical study of security-related coding weaknesses

Empirical Software Engineering, Год журнала: 2024, Номер 29(4)

Опубликована: Июнь 8, 2024

Abstract Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review a widely-used method that allows developers manually inspect modified code, catching during development cycle. However, existing code studies often focus known vulnerabilities, neglecting coding weaknesses, which can introduce real-world are more visible through review. The practices of reviews in identifying such weaknesses not yet fully investigated. To better understand this, we conducted an empirical case study two large open-source projects, OpenSSL and PHP. Based 135,560 comments, found reviewers raised concerns 35 out 40 weakness categories. Surprisingly, some related past as memory errors resource management, were discussed less than vulnerabilities. Developers attempted address many cases (39%-41%), but substantial portion was merely acknowledged (30%-36%), went unfixed due disagreements about solutions (18%-20%). This highlights slip even when identified. Our findings suggest identify various leading reviews. these results also reveal shortcomings current practices, indicating need for effective mechanisms or support increasing awareness issue management

Язык: Английский

---

Chain of Targeted Verification Questions to Improve the Reliability of Code Generated by LLMs

Опубликована: Июль 10, 2024

Язык: Английский

---