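Measurement Method for Complexity of Software Library Dependency Graph and Its Potential Applications

Author biographies:

Yu Hai (于海, 1971-), male, Ph.D., associate professor; main research areas: software testing, software refactoring and software testing techniques, software architecture, complex network theory, and chaotic encryption techniques. Wang Ying (王莹, 1987-), female, Ph.D., associate professor, CCF professional member; main research areas: software refactoring techniques, software testing and analysis. Xu Meiqiu (徐美秋, 1989-), female, Ph.D. candidate; main research areas: intelligent software development, software testing and analysis. Yang Bo (杨博, 1995-), female, master's degree; main research areas: intelligent software development, software repository mining. Xu Chang (许畅, 1977-), male, Ph.D., professor, doctoral supervisor, CCF senior member; main research areas: big data software engineering, intelligent software testing and analysis, self-adaptive and self-controlling software systems. Zhu Zhiliang (朱志良, 1962-), male, Ph.D., professor, doctoral supervisor, CCF professional member; main research areas: chaotic encryption techniques, complex network theory, software testing techniques.

Corresponding author:

Wang Ying, wangying@swc.neu.edu.cn

Funding:

National Natural Science Foundation of China (62141210, 61932021, 61902056, 61802164, 61977014); Shenyang Young and Middle-aged Science and Technology Innovation Talent Program (ZX20200272); Fundamental Research Funds for the Central Universities (N2217005); Open Fund of the State Key Laboratory for Novel Software Technology, Nanjing University (KFKT2021B01)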
Abstract:

In the process of software development, software libraries are widely used because they reduce development time and cost. Consequently, modern software projects contain code from many different sources, which makes the systems more complex and diverse. The use of software libraries also brings various risks, such as low quality or security vulnerabilities, which seriously affect the quality of software projects. By analyzing the intensity of coupling with software libraries, this study quantifies the complexity and diversity that library dependencies introduce into client code. First, a software boundary graph (SBG) model is constructed from the method invocation relationships between the client code and the software libraries in order to distinguish their code boundaries. Then, on the basis of the SBG model, a metric suite RMS for the complexity of the software library dependency graph is proposed to quantify the intensity of coupling between software from different sources. In the experiment, this study mines the data of all historical versions of 10 popular software projects in the Apache open-source community and collects 7857 real-world inter-project dependency defects. On this real-world data, an empirical investigation based on hypothesis testing is conducted with the proposed complexity metric suite RMS to examine the following questions: H1: whether boundary nodes with higher risk factors are more likely to introduce more inter-project dependency defects; H2: whether boundary nodes with higher risk factors are more likely to introduce inter-project dependency defects of high severity; H3: to what extent the values of the RMS metrics affect the number and severity of introduced inter-project dependency defects. Experimental results show that, as evaluated with RMS, boundary nodes with higher degrees of coupling with software libraries are more likely to introduce more inter-project dependency defects with higher severity. Moreover, compared with traditional complexity metrics, RMS greatly influences the number and severity of introduced inter-project dependency defects.

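Cite this article

Yu Hai, Wang Ying, Xu Meiqiu, Yang Bo, Xu Chang, Zhu Zhiliang. Measurement Method for Complexity of Software Library Dependency Graph and Its Potential Applications. Journal of Software (软件学报), 2023, 34(11): 5282-5311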

History
  • Received: 2021-09-18
  • Last revised: 2022-03-11
  • Published online: 2023-06-16