This paper focuses on the “data collection period” for training a better Just-In-Time (JIT) defect prediction model — the early commit data vs. the recent one —, and conducts a large-scale comparative study to explore an appropriate data collection period. Since there are many possible machine learning algorithms for training defect prediction models, the selection of machine learning algorithms can become a threat to validity. Hence, this study adopts the automatic machine learning method to mitigate the selection bias in the comparative study. The empirical results using 122 open-source software projects prove the trend that the dataset composed of the recent commits would become a better training set for JIT defect prediction models.

Larger object classes often become more costly classes in the maintenance phase of object-oriented software. Consequently class would have to be constructed in a medium or small size. In order to discuss such desirable size, this paper proposes a simple method for predictively discriminating costly classes in version-upgrades, using a class size metric, Stmts. Concretely, a threshold value of class size (in Stmts) is provided through empirical studies using many Java classes. The threshold value succeeded as a predictive discriminator for about 73% of the sample Java classes.

In software development, comprehensive software reviews and testings are important activities to preserve high quality and to control maintenance cost. However it would be actually difficult to perform comprehensive software reviews and testings because of a lot of components, a lack of manpower and other realistic restrictions. To improve performances of reviews and testings in object-oriented software, this paper proposes a novel model for detecting cost-prone classes; the model is based on Mahalanobis-Taguchi method--an extended statistical discriminant method merging with a pattern recognition approach. Experimental results using a lot of Java software are provided to statistically demonstrate that the proposed model has a high ability for detecting cost-prone classes.

This paper focuses on the power of comments to predict fault-prone programs. In general, comments along with executable statements enhance the understandability of programs. However, comments may also be used to mask the lack of readability in the program, therefore well-written comments are referred to as “deodorant to mask code smells” in the field of code refactoring. This paper conducts an empirical analysis to examine whether Lines of Comments (LCM) written inside a method's body is a noteworthy metric for analyzing fault-proneness in Java methods. The empirical results show the following two findings: (1) more-commented methods (the methods having more comments than the amount estimated by size and complexity of the methods) are about 1.6 - 2.8 times more likely to be faulty than the others, and (2) LCM can be a useful factor in fault-prone method prediction models along with the method size and the method complexity.

In this paper, we represent a class structure using directed graph in which each node corresponds to each member of the class. To quantify the dependence relationship among members, we define weighted closure. Using this quantified relationship and effort equation proposed by M. H. Halstead, we propose a metric for class structural complexity.

Cohesion is an important software attribute, and it is one of significant criteria for assessing object-oriented software quality. Although several metrics for measuring cohesion have been proposed, there is an aspect which has not been supported by those existing metrics, that is "cohesive-part size." This paper proposes a new metric focusing on "cohesive-part size," and evaluates it in both of qualitative and quantitative ways, with a mathematical framework and an experiment measuring some Java classes, respectively. Through those evaluations, the proposed metric is showed to be a reasonable metric, and not redundant one. It can collaborate with other existing metrics in measuring class cohesion, and will contribute to more accurate measurement.

Once a bug is reported, it is a major concern whether or not the bug is resolved (closed) soon. This paper examines seven metrics quantifying the amount of clues to the early close of reported bugs through a case study. The results show that one of the metrics, the similarity to already-closed bug reports, is strongly related to early-closed bugs.

SAS-2 is an alternative of a one-time password authentication protocol SAS, and is developed in order to reduce overhead due to the use of hash functions. The idea of both algorithms is sharing a similar secret number called the verifier that allows a client to be authenticated and that is changed for each new session. However, some of the combinations proposed in [1] to transmit the verifier may contain a security flaw, and the insecure combination results in vulnerability to impersonation attacks.

Properly representation of the complexity of class structure will be useful in object oriented software developments. Although some class complexity metrics have been proposed, they have ignored directions of coupling relationships among methods and attributes, such as whether a method writes data onto an attribute or reads data from the attribute. In this paper, we use a directed graph model to represent such coupling relationships. Based on the directed graph model, we propose a metric of class structural complexity. The proposed metric satisfies necessary conditions of complexity metric suggested by Briand and others. The following fact is showed by experimental data of Java classes. While the proposed metric follows a conventional metric, the proposed metric can capture an aspect of class structural complexity which is lost by the conventional one.

This paper focuses on differences in comment densities among individual programmers, and proposes to adjust the conventional code complexity metric (the cyclomatic complexity) by using the abnormality of the comment density. An empirical study with nine popular open source Java products (including 103,246 methods) shows that the proposed metric performs better than the conventional one in predicting change-prone methods; the proposed metric improves the area under the ROC curve (AUC) by about 3.4% on average.

Code clones are duplicated or similar code fragments, and they have been known as major entities affecting the software maintainability. Sometimes there are “co-changes” in pair of code clones: when a code fragment is changed, the clone of the fragment is also changed. Such a co-change is one of key event to discuss the successful management of code clone. This paper analyzes the trends of co-changed code clones by using the length and the content of code clones. The empirical results show that: (1) there would be a specific length of clone to be mostly co-changed (around 60-100 tokens), and (2) code clones without any “control flow keywords” have a higher possibility to be co-changed than the others.