Rainer Koschke

Universität Bremen | Uni Bremen · Computer Science

This paper presents a study in which we compared the visualization of code smells in Code Cities with classical tabular representations. We conducted a controlled experiment with 20 participants who had to solve six tasks in both environments. We evaluated the results of our experiment statistically and came to the following conclusions: In four ta...

An important aspect in software visualization is the visualization of relations between elements. Examples include function calls across source-code files, software clones, and the like. A popular means of visualizing such relations are edges depicted as lines visually connecting the related elements. To diminish the visual clutter that can occur w...

The two authors of this chapter were among the founding participants of the First International Workshop on Software Clone Detection (IWSCD)—nowadays known as the International Workshop on Software Clones (IWSC). This chapter briefly summarizes the history of this community-building workshop from its early days until today. IWSC(D) has had not only...

Identifying similar code fragments, referred to as code clones, is beneficial in software re-engineering and maintenance. Various visualization techniques have been developed to present cloning information for programmers in a more useful and comprehensible manner. This chapter provides a summary of state of the art in visualizing software clones,...

NURBS, B-Splines, and Bézier curves have a wide range of applications. One of them is software visualization, where these kinds of splines are often used to depict relations between objects in a visually appealing manner. For example, several visualization techniques make use of hierarchical edge bundles to reduce the visual clutter that can occur...

italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Feature Location (FL) is a core software maintenance activity that aims to locate observable functionalities in the source code. Given its key role in software change, a vast array of Feature Location Techniques (FLTs) have been proposed but, as more a...

Program understanding is a time-consuming and tedious activity for software developers. Manually building abstractions from source code requires in-depth analysis of the code. Automatic extraction of such models is possible, but cannot derive meaningful abstractions that are not already contained in the code. The automated extraction even has probl...

Knowing code clones (similar code fragments) is helpful in software maintenance and re-engineering. As clone detectors return huge numbers of clones, visualization techniques have been proposed to make cloning information more comprehensible and useful for programmers. We present a mapping study of clone visualization techniques, classifying visual...

Duplicated code or code clones are a kind of code smell that have both positive and negative impacts on the development and maintenance of software systems. Software clone research in the past mostly focused on the detection and analysis of code clones, while research in recent years extends to the whole spectrum of clone management. In the last de...

Program understanding is a prerequisite for several software activities, such as maintenance, evolution, and re-engineering. Code in itself is so detailed that it is often hard to understand. More abstract models describing its behaviour may ease program understanding. Manually building understandable abstractions from complex source code-as an exp...

The extraction of state machines from complex software systems can be very useful to understand the behavior of a software, which is a prerequisite for other software activities, such as maintenance, evolution and reengineering. However, using static analysis to extract state machines from real-world embedded software often leads to models that can...

State machines are a commonly used formalism for specifying the behavior of a software component, which could also be helpful for program comprehension. Therefore, it is desirable to extract state machine models from code and also from legacy models. The main drawback of fully-automatic state machine mining approaches is that the mined models are t...

This paper reports experiences in using the reflexion method to reverse engineer the architecture of an industrial Java application and to specify the target architecture for an architectural refactoring in order to steer the refactoring of the code and to measure progress. The goal in this industrial case study was to clean up obsolete code after...

High-level design models are often used for describing the behavior or structure of a software system. It is generally much easier and more adequate to understand a software system on this level than on the level of individual code lines. Such models are also created by developers as they gain an understanding of the software. Unfortunately, these...

Program understanding is a time-consuming and tedious activity for software developers. Manually building abstractions from source code requires in-depth analysis of the code in the first place. Model mining can support program comprehension by semi-automatically extracting high-level models from code. One potentially helpful model is a state machi...

Having similar code fragments, also called clones, in software systems can lead to unnecessary comprehension, review and change efforts. Syntactically similar clones can often be encountered in practice. The same is not clear for only functionally similar clones (FSC). We conducted an exploratory survey among developers to investigate whether they...

State machines are an established formalism for specifying the behavior of a software component. Unfortunately, such design models often do not exist at all, especially for legacy code, or they are lost or not kept up to date during software evolution – although they would be very helpful for program comprehension. Therefore, it is desirable to ext...

Architectural risk analysis is an important aspect of developing software that is free of security flaws. Knowledge on architectural flaws, however, is sparse, in particular in small or medium-sized enterprises. In this paper, we propose a practical approach to architectural risk analysis that leverages Microsoft’s threat modeling. Our technique de...

Clone detection can be used to achieve diverse objectives such as refactoring, program understanding, bug localization, and plagiarism detection, etc. Each goal takes a different perspective on clone information needs. Different clone detection tools report different information about clones. To gauge the suitability of a given clone detector for a...

Research in program comprehension has evolved considerably over the past decades. However, only little is known about how developers practice program comprehension in their daily work. This article reports on qualitative and quantitative research to comprehend the strategies, tools, and knowledge used for program comprehension. We observed 28 profe...

Duplicated source code-clones-is known to occur frequently in software systems and bears the risk of inconsistent updates of the code. The impact of clones has been investigated mostly by retrospective analysis of software systems. Only little effort has been spent to investigate human interaction when dealing with clones. A previous study by Chatt...

Detecting a similar code between two systems has various applications such as comparing two software variants or versions or finding potential license violations. Techniques detecting suspiciously similar code must scale in terms of resources needed to very large code corpora and need to have high precision because a human needs to inspect the resu...

Feature component maps describe which software components are needed to implement a particular feature, and they are used early in processes to develop a product line based on existing assets. This paper describes a new technique to derive the feature component map and additional dependencies utilizing dynamic information and concept analysis. The...

Duplicated code or code clones are a kind of code smell that have both positive and negative impacts on the development and maintenance of software systems. Software clone research in the past mostly focused on the detection and analysis of code clones, while research in recent years extends to the whole spectrum of clone management. In the last de...

Software Clones are identical or similar pieces of code, models or designs. In IWSC2014, we will discuss issues in software clone detection, analysis and management, as well as applications to software engineering contexts that can benefit from knowledge of clones. These are important emerging topics in software engineering research and practice. W...

Token-based clone detection techniques are known for their scalability, high recall, and robustness against syntax errors and incomplete code. They, however, may yield clones that are syntactically incomplete and they know very little about the syntactic structure of their reported clones. Hence, their results cannot immediately be used for automat...

It is often claimed that duplicated source code is a threat to the maintainability of a software system and that developers should manage code duplication. A previous study analyzed the evolution of four software systems and found a remarkable discrepancy between code clones detected by a state-of-the-art clone detector and those deliberately remov...

Software Clones are identical or similar pieces of code, models or designs. In this, the 7th International Workshop on Software Clones (IWSC), we will discuss issues in software clone detection, analysis and management, as well as applications to software engineering contexts that can benefit from knowledge of clones. These are important emerging t...

Security is getting more and more important for the software development process as the advent of more complex, connected and extensible software entails new risks. In particular, multi-tier business applications, e.g., based on the Service-Oriented Architecture (SOA), are vulnerable to new attacks, which may endanger the business processes of an o...

SUMMARY Finding, understanding and managing software clones—passages of duplicated source code—is of large interest in research and practice. Analyzing the evolution of clones across multiple versions of a program adds value to both applications. Although there is an abundance of techniques to detect clones, current approaches are limited to a sing...

As more and more companies shift to a product line approach, supporting the evolution of software product lines becomes increasingly important. While today already significant work exists along the lines of quality analysis for software product lines, there is much less work that addresses the evolution scenario. In this paper, we briefly describe...

The Consumer Electronics Working Group (CEWG) in the Linux Foundation has identified several problems in the re-use process of embedded Linux software for consumer electronic devices. Among these is the increasing fragmentation of Linux derivatives. Vendors of electronic devices copy the Linux sources and make their modifications to adapt it to the...

Software security is an emerging area in software development. More and more vulnerabilities are published and highlight the endangerment of systems. Hence, software designers and programmers are increasingly faced with the need to apply security solutions to software systems. Security patterns are best practices to handle recurring security prob-l...

Research in program comprehension has considerably evolved over the past two decades. However, only little is known about how developers practice program comprehension under time and project pressure, and which methods and tools proposed by researchers are used in industry. This paper reports on an observational study of 28 professional developers...

Various program complexity measures have been proposed to assess maintainability. Only relatively few empirical studies have been conducted to back up these assessments through empirical evidence. Researchers have mostly conducted controlled experiments or correlated metrics with indirect maintainability indicators such as defects or change frequen...

Detecting license violations of source code requires to compare a suspected system against a very large corpus of source code, for instance, the Debian source distribution. Thus, techniques detecting suspiciously similar code must scale in terms of resources needed. In addition to that, high precision of the detection is necessary because a human n...

This report documents the program and the outcomes of Dagstuhl Seminar 12071 "Software Clone Management Towards Industrial Application". Software clones are identical or similar pieces of code or design. A lot of research has been devoted to software clones. Unlike previous research, this seminar put a particular emphasis on industrial application...

A protocol defines the sequencing constraints for the operations that can be applied to an object. Quante introduced a protocol recovery technique that is able to extract protocols from existing software by means of dynamic analysis. This approach represents the behavior as object process graphs (OPG). OPGs are a projection of the control flow grap...

Very often a defect must be corrected not only in the current version of a program at one particular place but in many places and many other versions -- possibly even in different development branches. Consequently, we need a technique to efficiently locate all approximate matches of an arbitrary defective code fragment in the program's history as...

Code Clones - duplicated source fragments - are said to increase maintenance effort and to facilitate problems caused by inconsistent changes to identical parts. While this is certainly true for some clones and certainly not true for others, it is unclear how many clones are real threats to the system's quality and need to be taken care of. Our ana...

Code reuse through copying and pasting leads to so-called software clones. These clones can be roughly categorized into identical fragments (type-1 clones), fragments with parameter substitution (type-2 clones), and similar fragments that differ through modified, deleted, or added statements (type-3 clones). Although there has been extensive resear...

Software clones are identical or similar pieces of code, design or other artifacts. Clones are known to be closely related to various issues in software engineering, such as software quality, complexity, architecture, refactoring, evolution, licensing, plagiarism, and so on. Various characteristics of software systems can be uncovered through clone...

Testing is an important and cost-intensive part of the software development life cycle. Defect prediction models try to identify error-prone components, so that these can be tested earlier or more in-depth, and thus improve the cost-effectiveness during testing. Such models have been researched extensively, but whether and when they are applicable...

Interrupted and blocked tasks are a daily reality for professional programmers. Unfortunately, the strategies programmers use to recover lost knowledge and rebuild context when resuming work have not yet been well studied. In this paper, we describe ...

Security patterns are best practices to handle re-curring security problems. Existing classifications for security patterns consider only a small number of patterns, and their purpose is often focused on implementations issues. Therefore we identify missing aspects in existing classifications and introduce a new classification scheme based on appli...

Software clones are identical or similar pieces of code. They are often the result of copy--and--paste activities as ad-hoc code reuse by programmers. Software clones research is of high relevance for the industry. Many researchers have reported high rates of code cloning in both industrial and open-source systems. In this workshop we will explore...

Defect Prediction Models aim at identifying error-prone modules of a software system to guide quality assurance activities such as tests or code reviews. Such models have been actively researched for more than a decade, with more than 100 published research papers. However, most of the models proposed so far have assumed that the cost of applying q...

Architecture conformance checking is implemented in many commercial and research tools. These tools typically implement the reflex ion analysis originally proposed by Murphy and Not kin. This analysis allows for structural validation of an architecture model against a source model connected by a mapping from source entities onto architecture entiti...

Program comprehension is an important activity in software maintenance, as software must be sufficiently understood before it can be properly modified. The study of a program's execution, known as dynamic analysis, has become a common technique in this respect and has received substantial attention from the research community, particularly over the...

Over the last decade many techniques and tools for software clone detection have been proposed. In this paper, we provide a qualitative comparison and evaluation of the current state-of-the-art in clone detection techniques and tools, and organize the large amount of information into a coherent conceptual framework. We begin with background concept...

Finding, understanding and managing software clones -- passages of duplicated source code - is of large interest in research and practice. There is an abundance of techniques to detect clones. However, all these techniques are limited to a single revision of a program. When the code changes, the analysis must be run again from scratch even though o...

Software clones are identical or similar pieces of code. They are often a result of copying and pasting as an act of ad-hoc reuse by programmers. Software clones research is of high relevance for industry. Many researchers have reported high rates of cloning in both industrial as well as open-source systems.Many techniques exist that try to detect...

In case new functionality is required, which is similar to the existing one, developers often copy the code that implements the existing functionality and adjust the copy to the new requirements. The result of the copying is code growth. If developers face maintenance problems, because of the need to make changes multiple times for the original and...

Code reuse through copying and pasting leads to so-called software clones. These clones can be roughly categorized into identical fragments (type-1 clones), fragments with parameter substitution (type-2 clones), and similar fragments that differ through modified,deleted, or added statements (type-3 clones). Although there has been extensive researc...

Defect Prediction Models aim at identifying error-prone parts of a software system as early as possible. Many such models have been proposed, their evaluation, however, is still an open question, as recent publications show. An important aspect often ignored during evaluation is the effort reduction gained by using such models. Models are usually e...

A plethora of defect prediction models has been proposed and empirically evaluated, often using standard classification performance measures. In this paper, we explore defect prediction models for a large, multi-release software system from the telecommunications domain. A history of roughly 3 years is analyzed to extract process and static code me...

Reusing software through copying and pasting is a continuous plague in software development despite the fact that it creates serious maintenance problems. Various techniques have been proposed to find duplicated redundant code (also known as software clones). A recent study has compared these techniques and shown that token-based clone detection ba...

Ad-hoc reuse through copy-and-paste occurs frequently in practice affecting the evolvability of software. This paper summarizes the state of the art in software clone management (detection, tracking, presentation, assessing, removal, changing) and the empirical knowledge we have gained so far. In the course of the summary, the paper identifies furt...

Software product lines (SPL) can be used to create and maintain different variants of software-intensive systems by explicitly managing variability. Often, SPLs are organized as an SPL core, common to all products, upon which product-specific components are built. Following the so called grow-and-prune model, SPLs may be evolved by copy&paste at la...

A trace is a record of the execution of a computer program, showing the sequence of operations executed. A trace may be obtained through static or dynamic analysis. An object trace contains only those operations that relate to a particular object.Traces can be very large for longer system executions. Moreover, they lack structure because they do no...

Design abstractions such as components, modules, subsystems or packages are often not made explicit in the implementation of legacy systems. Indeed, often the abstractions that are made explicit turn out to be inappropriate for future evolution agendas. This can make the maintenance, evolution and refactoring of these systems difficult. In this pub...

In diesem Paper wird die Untersuchung beschrieben, ob sich mit Hilfe von einfachen Refactorings Klone aus einem bestehenden,System in der Sprache C so ent- fernen lassen, dass die f¨ ur Software im Automobilumfeld geltenden nichtfunktionalen Anforderungen nicht negativ beeinflusst werden. Motivation hierf¨ ur ist die Tatsache, dass kopierter Quellt...

Das zehnj¨ ahrige Jubil¨ aum,des deutschsprachigen Reengineering-Workshops WSR in Bad Honnef gibt Anlass, auch auf die eigene Arbeit zur¨ uck zu blicken, die thematisch mit dem,WSR so eng verbunden,ist. Unsere Forschergruppe Bauhaus be- sch¨ aftigt sich schon seit zw¨ olf Jahren mit dem,Thema Software-Reengineering und verwandten,Themen. Und seit B...

Software-Systeme enthalten in der Praxis h¨ aufig einen hohen Grad redun- danten Quelltextes - so genannte Klone. Von solcher Software-Redundanz wird ange- nommen, dass sie bei der Entwicklung und Wartung von Software zu zus¨ atzlichem Aufwand und Problemen f¨ uhrt. Ein Ziel der Klonforschung besteht darin, Methoden und Werkzeuge f¨ ur den Um- gang...

Software architectures are described by different views which depend upon the concerns of the respective stakeholders. Far too often, software architectures are not documented sufficiently. In such cases, an architecture description must be reconstructed when changes to the system are to be made. This article summarizes the current state of the ar...

Ad-hoc reuse through copy-and-paste occurs frequently in practice affecting the evolvability of software. Researchers have investigated ways to locate and remove duplicated code. Empirical studies have explored the root causes and effects of duplicated code and the evolution of duplicated code. This chapter summarizes the state of the art in detect...