Takashi Ishio scite author profile

Links are an essential feature of the World Wide Web, and source code repositories are no exception. However, despite their many undisputed benefits, links can suffer from decay, insufficient versioning, and lack of bidirectional traceability. In this paper, we investigate the role of links contained in source code comments from these perspectives. We conducted a large-scale study of around 9.6 million links to establish their prevalence, and we used a mixed-methods approach to identify the links' targets, purposes, decay, and evolutionary aspects. We found that links are prevalent in source code repositories, that licenses, software homepages, and specifications are common types of link targets, and that links are often included to provide metadata or attribution. Links are rarely updated, but many link targets evolve. Almost 10% of the links included in source code comments are dead. We then submitted a batch of link-fixing pull requests to open source software repositories, resulting in most of our fixes being merged successfully. Our findings indicate that links in source code comments can indeed be fragile, and our work opens up avenues for future work to address these problems.12 https://stackoverflow.com/q/312443 13 We used LWP::UserAgent and LWP::RobotUA.

show abstract

Extracting Sequence Diagram from Execution Trace of Java Program

Taniguchi

Ishio

Kamiya

et al.

View full text Add to dashboard Cite

Lags in the release, adoption, and propagation of npm vulnerability fixes

et al. 2021

View full text Add to dashboard Cite

Security vulnerability in third-party dependencies is a growing concern not only for developers of the affected software, but for the risks it poses to an entire software ecosystem, e.g., Heartbleed vulnerability. Recent studies show that developers are slow to respond to the threat of vulnerability, sometimes taking four to eleven months to act. To ensure quick adoption and propagation of a release that contains the fix (fixing release), we conduct an empirical investigation to identify lags that may occur between the vulnerable release and its fixing release (package-side fixing release). Through a preliminary study of 231 package-side fixing release of npm projects on GitHub, we observe that a fixing release is rarely released on its own, with up to 85.72% of the bundled commits being unrelated to a fix. We then compare the package-side fixing release with changes on a client-side (client-side fixing release). Through an empirical study of the adoption and propagation tendencies of 1,290 package-side fixing releases that impact throughout a network of 1,553,325 releases of npm packages, we find that stale clients require additional migration effort, even if the package-side fixing release was quick (i.e., package-side fixing releasetypeSpatch). Furthermore, we show the influence of factors such as the branch that the package-side fixing release lands on and the severity of vulnerability on its propagation. In addition to these lags we identify and characterize, this paper lays the groundwork for future research on how to mitigate propagation lags in an ecosystem.

show abstract

Search-based software library recommendation using multi-objective optimization

Ouni

Kula

Kessentini

et al. 2017

Information and Software Technology

View full text Add to dashboard Cite

Visualizing the Evolution of Systems and Their Library Dependencies

Kula

Roover

Germán

et al. 2014

View full text Add to dashboard Cite

Abstract-System maintainers face several challenges stemming from a system and its library dependencies evolving separately. Novice maintainers may lack the historical knowledge required to efficiently manage an inherited system. While some libraries are regularly updated, some systems keep a dependency on older versions. On the other hand, maintainers may be unaware that other systems have settled on a different version of a library. In this paper, we visualize how the dependency relation between a system and its dependencies evolves from two perspectives. Our system-centric dependency plots (SDP) visualize the successive library versions a system depends on over time. The radial layout and heat-map metaphor provide visual clues about the change in dependencies along the system's release history. From this perspective, maintainers can navigate to a library-centric dependants diffusion plot (LDP). The LDP is a time-series visualization that shows the diffusion of users across the different versions of a library. We demonstrate on real-world systems how maintainers can benefit from our visualizations through four case scenarios.

show abstract

Trusting a library: A study of the latency to adopt the latest Maven release

Kula

Germán

Ishio

et al. 2015

View full text Add to dashboard Cite

Program slicing tool for effective software evolution using aspect-oriented technique

Ishio

Kusumoto

Inoue

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Takashi Ishio

Do developers update their library dependencies?

9.6 Million Links in Source Code Comments: Purpose, Evolution, and Decay

Extracting Sequence Diagram from Execution Trace of Java Program

Lags in the release, adoption, and propagation of npm vulnerability fixes

Search-based software library recommendation using multi-objective optimization

Visualizing the Evolution of Systems and Their Library Dependencies

Trusting a library: A study of the latency to adopt the latest Maven release

Program slicing tool for effective software evolution using aspect-oriented technique

Contact Info

Product

Resources

About