@article{smith_johnson_murphy-hill_chu_lipford_2019, title={How Developers Diagnose Potential Security Vulnerabilities with a Static Analysis Tool}, volume={45}, ISSN={["1939-3520"]}, DOI={10.1109/TSE.2018.2810116}, abstractNote={While using security tools to resolve security defects, software developers must apply considerable effort. Success depends on a developer's ability to interact with tools, ask the right questions, and make strategic decisions. To build better security tools and subsequently help developers resolve defects more accurately and efficiently, we studied the defect resolution process—from the questions developers ask to their strategies for answering them. In this paper, we report on an exploratory study with novice and experienced software developers. We equipped them with Find Security Bugs, a security-oriented static analysis tool, and observed their interactions with security vulnerabilities in an open-source system that they had previously contributed to. We found that they asked questions not only about security vulnerabilities, associated attacks, and fixes, but also questions about the software itself, the social ecosystem that built the software, and related resources and tools. We describe the strategic successes and failures we observed and how future tools can leverage our findings to encourage better strategies.}, number={9}, journal={IEEE TRANSACTIONS ON SOFTWARE ENGINEERING}, author={Smith, Justin and Johnson, Brittany and Murphy-Hill, Emerson and Chu, Bill and Lipford, Heather Richter}, year={2019}, month={Sep}, pages={877–897} }
 @article{imtiaz_middleton_chakraborty_robson_bai_murphy-hill_2019, title={Investigating the Effects of Gender Bias on GitHub}, ISSN={["0270-5257"]}, DOI={10.1109/ICSE.2019.00079}, abstractNote={Diversity, including gender diversity, is valued by many software development organizations, yet the field remains dominated by men. One reason for this lack of diversity is gender bias. In this paper, we study the effects of that bias by using an existing framework derived from the gender studies literature.We adapt the four main effects proposed in the framework by posing hypotheses about how they might manifest on GitHub,then evaluate those hypotheses quantitatively. While our results how that effects of gender bias are largely invisible on the GitHub platform itself, there are still signals of women concentrating their work in fewer places and being more restrained in communication than men.}, journal={2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE 2019)}, author={Imtiaz, Nasif and Middleton, Justin and Chakraborty, Joymallya and Robson, Neill and Bai, Gina and Murphy-Hill, Emerson}, year={2019}, pages={700–711} }
 @article{murphy-hill_sadowski_head_daughtry_macvean_jaspan_winter_2018, title={Discovering API Usability Problems at Scale}, DOI={10.1145/3194793.3194795}, abstractNote={Software developers' productivity can be negatively impacted by using APIs incorrectly. In this paper, we describe an analysis technique we designed to find API usability problems by comparing successive file-level changes made by individual software developers. We applied our tool, StopMotion, to the file histories of real developers doing real tasks at Google. The results reveal several API usability challenges including simple typos, conceptual API misalignments, and conflation of similar APIs.}, journal={2018 IEEE/ACM 2ND INTERNATIONAL WORKSHOP ON API USAGE AND EVOLUTION (WAPI)}, author={Murphy-Hill, Emerson and Sadowski, Caitlin and Head, Andrew and Daughtry, John and Macvean, Andrew and Jaspan, Ciera and Winter, Collin}, year={2018}, pages={14–17} }
 @article{mcnamara_smith_murphy-hill_2018, title={Does ACM's Code of Ethics Change Ethical Decision Making in Software Development?}, DOI={10.1145/3236024.3264833}, abstractNote={Ethical decisions in software development can substantially impact end-users, organizations, and our environment, as is evidenced by recent ethics scandals in the news. Organizations, like the ACM, publish codes of ethics to guide software-related ethical decisions. In fact, the ACM has recently demonstrated renewed interest in its code of ethics and made updates for the first time since 1992. To better understand how the ACM code of ethics changes software-related decisions, we replicated a prior behavioral ethics study with 63 software engineering students and 105 professional software developers, measuring their responses to 11 ethical vignettes. We found that explicitly instructing participants to consider the ACM code of ethics in their decision making had no observed effect when compared with a control group. Our findings suggest a challenge to the research community: if not a code of ethics, what techniques can improve ethical decision making in software engineering?}, journal={ESEC/FSE'18: PROCEEDINGS OF THE 2018 26TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING}, author={McNamara, Andrew and Smith, Justin and Murphy-Hill, Emerson}, year={2018}, pages={729–733} }
 @article{barik_ford_murphy-hill_parnin_2018, title={How Should Compilers Explain Problems to Developers?}, DOI={10.1145/3236024.3236040}, abstractNote={Compilers primarily give feedback about problems to developers through the use of error messages. Unfortunately, developers routinely find these messages to be confusing and unhelpful. In this paper, we postulate that because error messages present poor explanations, theories of explanation---such as Toulmin's model of argument---can be applied to improve their quality. To understand how compilers should present explanations to developers, we conducted a comparative evaluation with 68 professional software developers and an empirical study of compiler error messages found in Stack Overflow questions across seven different programming languages. Our findings suggest that, given a pair of error messages, developers significantly prefer the error message that employs proper argument structure over a deficient argument structure when neither offers a resolution---but will accept a deficient argument structure if it provides a resolution to the problem. Human-authored explanations on Stack Overflow converge to one of the three argument structures: those that provide a resolution to the error, simple arguments, and extended arguments that provide additional evidence for the problem. Finally, we contribute three practical design principles to inform the design and evaluation of compiler error messages.}, journal={ESEC/FSE'18: PROCEEDINGS OF THE 2018 26TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING}, author={Barik, Titus and Ford, Denae and Murphy-Hill, Emerson and Parnin, Chris}, year={2018}, pages={633–643} }
 @article{imtiaz_middleton_girouard_murphy-hill_2018, title={Sentiment and Politeness Analysis Tools on Developer Discussions Are Unreliable, but so Are People}, DOI={10.1145/3194932.3194938}, abstractNote={Many software engineering researchers use sentiment and politeness analysis tools to study the emotional environment within collaborative software development. However, papers that use these tools rarely establish their reliability. In this paper, we evaluate popular existing tools for sentiment and politeness detection over a dataset of 589 manually rated GitHub comments that represent developer discussions. We also develop a coding scheme on how to quantify politeness for conversational texts found on collaborative platforms. We find that not only do the tools have a low agreement with human ratings on sentiment and politeness, human raters also have a low agreement among themselves.}, journal={2018 IEEE/ACM 3RD INTERNATIONAL WORKSHOP ON EMOTION AWARENESS IN SOFTWARE ENGINEERING (SEMOTION)}, author={Imtiaz, Nasif and Middleton, Justin and Girouard, Peter and Murphy-Hill, Emerson}, year={2018}, pages={55–61} }
 @article{head_sadowski_murphy-hill_knight_2018, title={When Not to Comment Questions and Tradeoffs with API Documentation for C plus plus Projects}, DOI={10.1145/3180155.3180176}, abstractNote={Without usable and accurate documentation of how to use an API, developers can find themselves deterred from reusing relevant code. In C++, one place developers can find documentation is in a header file. When information is missing, they may look at the corresponding implementation code. To understand what's missing from C++ API documentation and the factors influencing whether it will be fixed, we conducted a mixed-methods study involving two experience sampling surveys with hundreds of developers at the moment they visited implementation code, interviews with 18 of those developers, and interviews with 8 API maintainers. In many cases, updating documentation may provide only limited value for developers, while requiring effort maintainers don't want to invest. We identify a set of questions maintainers and tool developers should consider when improving API-level documentation.}, journal={PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE)}, author={Head, Andrew and Sadowski, Caitlin and Murphy-Hill, Emerson and Knight, Andrea}, year={2018}, pages={643–653} }
 @article{middleton_murphy-hill_green_meade_mayer_white_mcdonald_2018, title={Which Contributions Predict Whether Developers Are Accepted Into GitHub Teams}, ISSN={["2160-1852"]}, DOI={10.1145/3196398.3196429}, abstractNote={Open-source software (OSS) often evolves from volunteer contributions, so OSS development teams must cooperate with their communities to attract new developers. However, in view of the myriad ways that developers interact over platforms for OSS development, observers of these communities may have trouble discerning, and thus learning from, the successful patterns of developer-to-team interactions that lead to eventual team acceptance. In this work, we study project communities on GitHub to discover which forms of software contribution characterize developers who begin as development team outsiders and eventually join the team, in contrast to developers who remain team outsiders. From this, we identify and compare the forms of contribution, such as pull requests and several forms of discussion comments, that influence whether new developers join OSS teams, and we discuss the implications that these behavioral patterns have for the focus of designers and educators.}, journal={2018 IEEE/ACM 15TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES (MSR)}, author={Middleton, Justin and Murphy-Hill, Emerson and Green, Demetrius and Meade, Adam and Mayer, Roger and White, David and McDonald, Steve}, year={2018}, pages={403–413} }
 @article{do_ali_livshits_bodden_smith_murphy-hill_2017, title={Cheetah: Just-in-Time Taint Analysis for Android Apps}, ISSN={["2574-1926"]}, DOI={10.1109/icse-c.2017.20}, abstractNote={Current static-analysis tools are often long-running, which causes them to be sidelined into nightly build checks. As a result, developers rarely use such tools to detect bugs when writing code, because they disrupt their workflow. In this paper, we present Cheetah, a static taint analysis tool for Android apps that interleaves bug fixing and code development in the Eclipse integrated development environment. Cheetah is based on the novel concept of Just-in-Time static analysis that discovers and reports the most relevant results to the developer fast, and computes the more complex results incrementally later. Unlike traditional batch-style static-analysis tools, Cheetah causes minimal disruption to the developer's workflow. This video demo showcases the main features of Cheetah: https://www.youtube.com/watch?v=i_KQD-GTBdA.}, journal={PROCEEDINGS OF THE 2017 IEEE/ACM 39TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING COMPANION (ICSE-C 2017)}, author={Do, Lisa Nguyen Quang and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}, year={2017}, pages={39–42} }
 @article{ge_shepherd_damevski_murphy-hill_2017, title={Design and evaluation of a multi-recommendation system for local code search}, volume={39}, ISSN={["1095-8533"]}, DOI={10.1016/j.jvlc.2016.07.002}, abstractNote={Searching for relevant code in the local code base is a common activity during software maintenance. However, previous research indicates that 88% of manually composed search queries retrieve no relevant results. One reason that many searches fail is existing search tools’ dependence on string matching algorithms, which cannot find semantically related code. To solve this problem by helping developers compose better queries, researchers have proposed numerous query recommendation techniques, relying on a variety of dictionaries and algorithms. However, few of these techniques are empirically evaluated by usage data from real-world developers. To fill this gap, we designed a multi-recommendation system that relies on the cooperation between several query recommendation techniques. We implemented and deployed this recommendation system within the Sando code search tool and conducted a longitudinal field study. Our study shows that over 34% of all queries were adopted from recommendation; and recommended queries retrieved results 11% more often than manual queries.}, journal={JOURNAL OF VISUAL LANGUAGES AND COMPUTING}, author={Ge, Xi and Shepherd, David C. and Damevski, Kostadin and Murphy-Hill, Emerson}, year={2017}, month={Apr}, pages={1–9} }
 @article{terrell_kofink_middleton_rainear_murphy-hill_parnin_stallings_2017, title={Gender differences and bias in open source: pull request acceptance of women versus men}, journal={PeerJ Computer Science}, author={Terrell, J. and Kofink, A. and Middleton, J. and Rainear, C. and Murphy-Hill, E. and Parnin, C. and Stallings, J.}, year={2017} }
 @inproceedings{batik_murphy-hill_zimmermann_2016, title={A Perspective on blending programming environments and games: beyond points, badges, and leaderboards}, DOI={10.1109/vlhcc.2016.7739676}, abstractNote={Programming environments and game environments share many of the same characteristics, such as requiring their users to understand strategies and solve difficult challenges. Yet, only game designers have been able to capitalize on methods that are consistently able to keep their users engaged. Consequently, software engineers have been increasingly interested in understanding how these game experiences can be transferred to programming experiences, a process termed gamification. In this perspective paper, we offer a formal argument that gamification as applied today is predominately narrow, placing emphasis on the reward aspects of game mechanics at the expense of other important game elements, such as framing. We argue that more authentic game experiences are possible when programming environments are re-conceptualized and assessed as holistic, serious games. This broad gamification enables us to more effectively apply and leverage the breadth of game elements to the construction and understanding of programming environments.}, booktitle={2016 ieee symposium on visual languages and human-centric computing (vl/hcc)}, author={Batik, T. and Murphy-Hill, E. and Zimmermann, T.}, year={2016}, pages={134–142} }
 @article{barik_murphy-hill_2016, title={A process for surviving survey design and sailing through survey deployment}, journal={Perspectives on Data Science for Software Engineering}, author={Barik, T. and Murphy-Hill, E.}, year={2016}, pages={213–219} }
 @article{barik_pandita_middleton_murphy-hill_2016, title={Designing for Dystopia Software Engineering Research for the Post-apocalypse}, DOI={10.1145/2950290.2983986}, abstractNote={Software engineering researchers have a tendency to be optimistic about the future. Though useful, optimism bias bolsters unrealistic expectations towards desirable outcomes. We argue that explicitly framing software engineering research through pessimistic futures, or dystopias, will mitigate optimism bias and engender more diverse and thought-provoking research directions. We demonstrate through three pop culture dystopias, Battlestar Galactica, Fallout 3, and Children of Men, how reflecting on dystopian scenarios provides research opportunities as well as implications, such as making research accessible to non-experts, that are relevant to our present.}, journal={FSE'16: PROCEEDINGS OF THE 2016 24TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON FOUNDATIONS OF SOFTWARE ENGINEERING}, author={Barik, Titus and Pandita, Rahul and Middleton, Justin and Murphy-Hill, Emerson}, year={2016}, pages={924–927} }
 @article{barik_song_johnson_murphy-hill_2016, title={From Quick Fixes to Slow Fixes: Reimagining Static Analysis Resolutions to Enable Design Space Exploration}, ISSN={["1063-6773"]}, DOI={10.1109/icsme.2016.63}, abstractNote={Quick Fixes as implemented by IDEs today prioritize the speed of applying the fix as a primary criteria for success. In this paper, we argue that when tools over-optimize this criteria, such tools neglect other dimensions that are important to successfully applying a fix, such as being able to explore the design space of multiple fixes. This is especially true in cases where a fix only partially implements the intention of the developer. In this paper, we implement an extension to the FindBugs defect finding tool, called FixBugs, an interactive resolution approach within the Eclipse development environment that prioritizes other design criteria to the successful application of suggested fixes. Our empirical evaluation method of 12 developers suggests that FixBugs enables developers to explore alternative designs and balances the benefits of manual fixing with automated fixing, without having to compromise in either effectiveness or efficiency. Our analytic evaluation method with six usability experts identified trade-offs between FixBugs and Quick Fix, and suggests ways in which FixBugs and Quick Fix can offer complementary capabilities to better support developers.}, journal={32ND IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2016)}, author={Barik, Titus and Song, Yoonki and Johnson, Brittany and Murphy-Hill, Emerson}, year={2016}, pages={212–222} }
 @article{middleton_murphy-hill_2016, title={Perquimans: A Tool for Visualizing Patterns of Spreadsheet Function Combinations}, DOI={10.1109/vissoft.2016.27}, abstractNote={Spreadsheet environments offer many functions to manipulate data, which users can combine into complex formulae. However, for both researchers and practitioners who want to study formulae to improve spreadsheet practices, anticipating these combinations is difficult. Therefore, we developed Perquimans, a tool that analyzes spreadsheet collections to visualize patterns of function combination as an interactive tree, representing both the most common and most anomalous patterns of formula construction and their contexts. Using spreadsheets from the Enron corpus, we conduct a case study and a user study to explore Perquimans' various applications, such as those in flexible smell detection and spreadsheet education.}, journal={2016 IEEE WORKING CONFERENCE ON SOFTWARE VISUALIZATION}, author={Middleton, Justin and Murphy-Hill, Emerson}, year={2016}, pages={51–60} }
 @inproceedings{morrison_pandita_murphy-hill_mclaughlin_2016, title={Veteran developers' contributions and motivations: an open source perspective}, DOI={10.1109/vlhcc.2016.7739681}, abstractNote={Decades of psychology and sociology research demonstrate that humans change cognitively and socially as they age, so it stands to reason that software developers likewise undergo changes that may affect their work. In this paper, we investigate age-related differences in software developers through the lens of open source software, which is built in communities that tend not to include older software developers. We report on the results of a qualitative panel discussion, then quantitatively analyze such veteran developers' activities on StackOverflow, to understand why few veteran software developers' participate in open source, and how their contributions to software development differ from their younger peers. Our results suggest that veterans' are less motivated by social interactions than their younger peers. Our results also suggest that veterans could contribute a broader knowledge of software development than their younger peers, as well as knowledge of old technologies that can be applied to newer technologies.}, booktitle={2016 ieee symposium on visual languages and human-centric computing (vl/hcc)}, author={Morrison, P. and Pandita, R. and Murphy-Hill, E. and McLaughlin, A.}, year={2016}, pages={171–179} }
 @inproceedings{barik_song_johnson_murphy-hill_2016, title={from quick fixes to slow fixes: reimagining static analysis resolutions to enable design space exploration}, booktitle={32nd ieee international conference on software maintenance and evolution (icsme 2016)}, author={Barik, T. and Song, Y. and Johnson, B. and Murphy-Hill, E.}, year={2016}, pages={212–222} }
 @inproceedings{thomas_chu_lipford_smith_murphy-hill_2015, title={A study of interactive code annotation for access control vulnerabilities}, DOI={10.1109/vlhcc.2015.7357200}, abstractNote={While there are a variety of existing tools to help detect security vulnerabilities in code, they are seldom used by developers due to the time or security expertise required. We are investigating techniques integrated within the IDE to help developers detect and mitigate security vulnerabilities. In this paper, we examine using interactive annotation for access control vulnerabilities. We evaluated whether developers could indicate access control logic using interactive annotation and understand the vulnerabilities reported as a result. Our study indicates that developers can easily find and annotate access control logic but can struggle to use our tool to trace the cause of the vulnerability. Our results provide design guidance for improving the interaction and communication of such security tools with developers.}, booktitle={Proceedings 2015 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC)}, author={Thomas, T. and Chu, B. and Lipford, H. and Smith, J. and Murphy-Hill, E.}, year={2015}, pages={73–77} }
 @article{johnson_pandita_murphy-hill_heckman_2015, title={Bespoke Tools: Adapted to the Concepts Developers Know}, DOI={10.1145/2786805.2803197}, abstractNote={Even though different developers have varying levels of expertise, the tools in one developer's integrated development environment (IDE) behave the same as the tools in every other developers' IDE. In this paper, we propose the idea of automatically customizing development tools by modeling what a developer knows about software concepts. We then sketch three such ``bespoke'' tools and describe how development data can be used to infer what a developer knows about relevant concepts. Finally, we describe our ongoing efforts to make bespoke program analysis tools that customize their notifications to the developer using them.}, journal={2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS}, author={Johnson, Brittany and Pandita, Rahul and Murphy-Hill, Emerson and Heckman, Sarah}, year={2015}, pages={878–881} }
 @article{lubick_barik_murphy-hill_2015, title={Can Social Screencasting Help Developers Learn New Tools?}, DOI={10.1109/chase.2015.18}, abstractNote={An effective way to learn about software development tools is by directly observing peers' workflows. However, these tool knowledge transfer events happen infrequently because developers must be both colocated and available. We explore an online social screen casting system that removes the dependencies of colocation and availability while maintaining the beneficial tool knowledge transfer of peer observation. Our results from a formative study indicate these online observations happen more frequently than in-person observations, but their effects are only temporary. We conclude that while peer observation facilitates online knowledge transfer, it is not the only component -- other social factors may be involved.}, journal={2015 IEEE/ACM 8TH INTERNATIONAL WORKSHOP ON COOPERATIVE AND HUMAN ASPECTS OF SOFTWARE ENGINEERING CHASE 2015}, author={Lubick, Kevin and Barik, Titus and Murphy-Hill, Emerson}, year={2015}, pages={113–114} }
 @article{barik_lubick_murphy-hill_2015, title={Commit Bubbles}, DOI={10.1109/icse.2015.210}, abstractNote={Developers who use version control are expected to produce systematic commit histories that show well-defined steps with logical forward progress. Existing version control tools assume that developers also write code systematically. Unfortunately, the process by which developers write source code is often evolutionary, or as-needed, rather than systematic. Our contribution is a fragment-oriented concept called Commit Bubbles that will allow developers to construct systematic commit histories that adhere to version control best practices with less cognitive effort, and in a way that integrates with their as-needed coding workflows.}, journal={2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 2}, author={Barik, Titus and Lubick, Kevin and Murphy-Hill, Emerson}, year={2015}, pages={631–634} }
 @article{hermans_murphy-hill_2015, title={Enron's Spreadsheets and Related Emails: A Dataset and Analysis}, DOI={10.1109/icse.2015.129}, abstractNote={Spreadsheets are used extensively in business processes around the world and as such, are a topic of research interest. Over the past few years, many spreadsheet studies have been performed on the EUSES spreadsheet corpus. While this corpus has served the spreadsheet community well, the spreadsheets it contains are mainly gathered with search engines and might therefore not represent spreadsheets used in companies. This paper presents an analysis of a new dataset, extracted from the Enron email archive, containing over 15,000 spreadsheets used within the Enron Corporation. In addition to the spreadsheets, we also present an analysis of the associated emails, where we look into spreadsheet-specific email behavior. Our analysis shows that 1) 24% of Enron spreadsheets with at least one formula contain an Excel error, 2) there is little diversity in the functions used in spreadsheets: 76% of spreadsheets in the presented corpus use the same 15 functions and, 3) the spreadsheets are substantially more smelly than the EUSES corpus, especially in terms of long calculation chains. Regarding the emails, we observe that spreadsheets 1) are a frequent topic of email conversation with 10% of emails either referring to or sending spreadsheets and 2) the emails are frequently discussing errors in and updates to spreadsheets.}, journal={2015 IEEE/ACM 37TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, VOL 2}, author={Hermans, Felienne and Murphy-Hill, Emerson}, year={2015}, pages={7–16} }
 @article{barik_lubick_smith_slankas_murphy-hill_2015, title={FUSE: A Reproducible, Extendable, Internet-scale Corpus of Spreadsheets}, DOI={10.1109/msr.2015.70}, abstractNote={Spreadsheets are perhaps the most ubiquitous form of end-user programming software. This paper describes a corpus, called Fuse, containing 2,127,284 URLs that return spreadsheets (and their HTTP server responses), and 249,376 unique spreadsheets, contained within a public web archive of over 26.83 billion pages. Obtained using nearly 60,000 hours of computation, the resulting corpus exhibits several useful properties over prior spreadsheet corpora, including reproducibility and extendability. Our corpus is unencumbered by any license agreements, available to all, and intended for wide usage by end-user software engineering researchers. In this paper, we detail the data and the spreadsheet extraction process, describe the data schema, and discuss the trade-offs of Fuse with other corpora.}, journal={12TH WORKING CONFERENCE ON MINING SOFTWARE REPOSITORIES (MSR 2015)}, author={Barik, Titus and Lubick, Kevin and Smith, Justin and Slankas, John and Murphy-Hill, Emerson}, year={2015}, pages={486–489} }
 @article{murphy-hill_roberts_sommerlad_opdyke_2015, title={GUEST EDITORS' INTRODUCTION REFACTORING}, volume={32}, ISSN={["1937-4194"]}, DOI={10.1109/ms.2015.136}, abstractNote={Refactoring changes a program's source code without changing its external behavior, typically to improve the software's design The articles selected for this issue range from historical, exploring refactoring research's origins, to practical, exploring software developers' experiences with refactoring, to theoretical, exploring new refactoring techniques that haven't yet appeared in the wild. The Web extra at https://youtu.be/f2IK3V9wwa8 is an audio recording of Davide Falessi speaking with guest editors Emerson Murphy-Hill of North Carolina State University, Don Roberts of the University of Evansville, and Peter Sommerlad of Fachhochschule Ostschweiz / Hochschule fur Technik Rapperswil about past, present, and future approaches to refactoring.}, number={6}, journal={IEEE SOFTWARE}, author={Murphy-Hill, Emerson and Roberts, Don and Sommerlad, Peter and Opdyke, William F.}, year={2015}, pages={27–29} }
 @article{murphy-hill_lee_murphy_mcgrenere_2015, title={How Do Users Discover New Tools in Software Development and Beyond?}, volume={24}, ISSN={["1573-7551"]}, DOI={10.1007/s10606-015-9230-9}, number={5}, journal={COMPUTER SUPPORTED COOPERATIVE WORK-THE JOURNAL OF COLLABORATIVE COMPUTING AND WORK PRACTICES}, author={Murphy-Hill, Emerson and Lee, Da Young and Murphy, Gail C. and McGrenere, Joanna}, year={2015}, month={Oct}, pages={389–422} }
 @article{witschey_zielinska_welk_murphy-hill_mayhorn_zimmermann_2015, title={Quantifying Developers' Adoption of Security Tools}, DOI={10.1145/2786805.2786816}, abstractNote={Security tools could help developers find critical vulnerabilities, yet such tools remain underused. We surveyed developers from 14 companies and 5 mailing lists about their reasons for using and not using security tools. The resulting thirty-nine predictors of security tool use provide both expected and unexpected insights. As we expected, developers who perceive security to be important are more likely to use security tools than those who do not. But that was not the strongest predictor of security tool use, it was instead developers' ability to observe their peers using security tools.}, journal={2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS}, publisher={ACM}, author={Witschey, Jim and Zielinska, Olga and Welk, Allaire and Murphy-Hill, Emerson and Mayhorn, Chris and Zimmermann, Thomas}, year={2015}, pages={260–271} }
 @article{smith_johnson_murphy-hill_chu_lipford_2015, title={Questions Developers Ask While Diagnosing Potential Security Vulnerabilities with Static Analysis}, DOI={10.1145/2786805.2786812}, abstractNote={Security tools can help developers answer questions about potential vulnerabilities in their code. A better understanding of the types of questions asked by developers may help toolsmiths design more effective tools. In this paper, we describe how we collected and categorized these questions by conducting an exploratory study with novice and experienced software developers. We equipped them with Find Security Bugs, a security-oriented static analysis tool, and observed their interactions with security vulnerabilities in an open-source system that they had previously contributed to. We found that they asked questions not only about security vulnerabilities, associated attacks, and fixes, but also questions about the software itself, the social ecosystem that built the software, and related resources and tools. For example, when participants asked questions about the source of tainted data, their tools forced them to make imperfect tradeoffs between systematic and ad hoc program navigation strategies.}, journal={2015 10TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2015) PROCEEDINGS}, author={Smith, Justin and Johnson, Brittany and Murphy-Hill, Emerson and Chu, Bill and Lipford, Heather Richter}, year={2015}, pages={248–259} }
 @article{murphy-hill_zimmermann_bird_nagappan_2015, title={The Design Space of Bug Fixes and How Developers Navigate It}, volume={41}, ISSN={["1939-3520"]}, DOI={10.1109/tse.2014.2357438}, abstractNote={When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. We start with a motivating case study of the Pex4Fun environment. Then, based on qualitative interviews with 40 engineers working on a variety of products, data from six bug triage meetings, and a survey filled out by 326 Microsoft engineers and 37 developers from other companies, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss implications for research and practice, including how to make bug prediction and localization more accurate.}, number={1}, journal={IEEE TRANSACTIONS ON SOFTWARE ENGINEERING}, author={Murphy-Hill, Emerson and Zimmermann, Thomas and Bird, Christian and Nagappan, Nachiappan}, year={2015}, month={Jan}, pages={65–81} }
 @inproceedings{mushi_murphy-hill_dutta_2015, title={The The human factor: A challenge for network reliability design}, DOI={10.1109/drcn.2015.7149000}, abstractNote={Computer and communication networks form part of the critical infrastructure of planetary society, and much work has gone into making the technology for such networks reliable. However, such networks have to be administered and managed by human administrators. The process of such administration, as it becomes increasingly complex, itself poses a challenge to protocols and systems designed to enhance network reliability. Several studies of highly reliable systems have shown that human operator error can account for 20-70% of system failures, and as the system become more reliable, the human factor gains increasing significance. Nevertheless, efforts to design reliability measures have remained largely disjoint from considerations of the human process of network administration. In this position paper, we describe some preliminary effort to examine the question of whether such joint consideration can be useful. We employ the first stages of a Grounded Theory approach to study network administration and management workflows in order to understand their impact in network reliability. Based on our study, we advance the proposition that the future of network reliability engineering must actively address the human process of system administration and management and concommittant misconfigurations.}, booktitle={2015 11th International Conference on the Design of Reliable Communication Networks (DRCN)}, author={Mushi, M. and Murphy-Hill, E. and Dutta, Rudra}, year={2015}, pages={115–118} }
 @article{fritz_murphy_murphy-hill_ou_hill_2014, title={Degree-of-Knowledge: Modeling a Developer's Knowledge of Code}, volume={23}, ISSN={["1557-7392"]}, DOI={10.1145/2512207}, abstractNote={As a software system evolves, the system's codebase constantly changes, making it difficult for developers to answer such questions as who is knowledgeable about particular parts of the code or who needs to know about changes made. In this article, we show that an externalized model of a developer's individual knowledge of code can make it easier for developers to answer such questions. We introduce a degree-of-knowledge model that computes automatically, for each source-code element in a codebase, a real value that represents a developer's knowledge of that element based on a developer's authorship and interaction data. We present evidence that shows that both authorship and interaction data of the code are important in characterizing a developer's knowledge of code. We report on the usage of our model in case studies on expert finding, knowledge transfer, and identifying changes of interest. We show that our model improves upon an existing expertise-finding approach and can accurately identify changes for which a developer should likely be aware. We discuss how our model may provide a starting point for knowledge transfer but that more refinement is needed. Finally, we discuss the robustness of the model across multiple development sites.}, number={2}, journal={ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY}, author={Fritz, Thomas and Murphy, Gail C. and Murphy-Hill, Emerson and Ou, Jingwen and Hill, Emily}, year={2014}, month={Mar} }
 @article{barik_lubick_christie_murphy-hill_2014, title={How Developers Visualize Compiler Messages: A Foundational Approach to Notification Construction}, DOI={10.1109/vissoft.2014.24}, abstractNote={Self-explanation is one cognitive strategy through which developers comprehend error notifications. Self-explanation, when left solely to developers, can result in a significant loss of productivity because humans are imperfect and bounded in their cognitive abilities. We argue that modern IDEs offer limited visual affordances for aiding developers with self-explanation, because compilers do not reveal their reasoning about the causes of errors to the developer. The contribution of our paper is a foundational set of visual annotations that aid developers in better comprehending error messages when compilers expose their internal reasoning. We demonstrate through a user study of 28 undergraduate Software Engineering students that our annotations align with the way in which developers self-explain error notifications. We show that these annotations allow developers to give significantly better self-explanations when compared against today's dominant visualization paradigm, and that better self-explanations yield better mental models of notifications. The results of our work suggest that the diagrammatic techniques developers use to explain problems can serve as an effective foundation for how IDEs should visually communicate to developers.}, journal={2014 SECOND IEEE WORKING CONFERENCE ON SOFTWARE VISUALIZATION (VISSOFT)}, author={Barik, Titus and Lubick, Kevin and Christie, Samuel and Murphy-Hill, Emerson}, year={2014}, pages={87–96} }
 @inproceedings{ge_shepherd_damevski_murphy-hill_2014, title={How developers use multi-recommendation system in local code search}, DOI={10.1109/vlhcc.2014.6883025}, abstractNote={Developers often start programming tasks by searching for relevant code in their local codebase. Previous research suggests that 88% of manually-composed queries retrieve no relevant results. Many searches fail because existing search tools depend solely on string matching with a manually-composed query, which cannot find semantically-related code. To solve this problem, researchers proposed query recommendation techniques to help developers compose queries without the extensive knowledge of the codebase under search. However, few of these techniques are empirically evaluated by the usage data from real-world developers. To fill this gap, we studied several query recommendation techniques by extending Sando and conducting a longitudinal field study. Our study shows that over 30% of all queries were adopted from recommendation; and recommended queries retrieved results 7% more often than manual queries.}, booktitle={2014 ieee symposium on visual languages and human-centric computing (vl/hcc 2014)}, author={Ge, X. and Shepherd, D. and Damevski, K. and Murphy-Hill, E.}, year={2014}, pages={69–76} }
 @inproceedings{ge_shepherd_damevski_murphy-hill_2014, title={How the Sando search tool recommends queries}, DOI={10.1109/csmr-wcre.2014.6747210}, abstractNote={Developers spend a significant amount of time searching their local codebase. To help them search efficiently, researchers have proposed novel tools that apply state-of-the-art information retrieval algorithms to retrieve relevant code snippets from the local codebase. However, these tools still rely on the developer to craft an effective query, which requires that the developer is familiar with the terms contained in the related code snippets. Our empirical data from a state-of-the-art local code search tool, called Sando, suggests that developers are sometimes unacquainted with their local codebase. In order to bridge the gap between developers and their ever-increasing local codebase, in this paper we demonstrate the recommendation techniques integrated in Sando.}, booktitle={2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)}, author={Ge, X. and Shepherd, D. and Damevski, K. and Murphy-Hill, E.}, year={2014}, pages={425–428} }
 @article{murphy-hill_2014, title={The Future of Social Learning in Software Engineering}, volume={47}, ISSN={["1558-0814"]}, DOI={10.1109/mc.2013.406}, abstractNote={Building on time-honored strengths of person-to-person social learning, new technologies can help software developers learn from one another more efficiently and productively. In particular, continuous social screencasting is a promising technique for sharing and learning about new software development tools.}, number={1}, journal={COMPUTER}, author={Murphy-Hill, Emerson}, year={2014}, month={Jan}, pages={48–54} }
 @article{soares_gheyi_murphy-hill_johnson_2013, title={Comparing approaches to analyze refactoring activity on software repositories}, volume={86}, ISSN={["1873-1228"]}, DOI={10.1016/j.jss.2012.10.040}, abstractNote={Some approaches have been used to investigate evidence on how developers refactor their code, whether refactorings activities may decrease the number of bugs, or improve developers’ productivity. However, there are some contradicting evidence in previous studies. For instance, some investigations found evidence that if the number of refactoring changes increases in the preceding time period the number of defects decreases, different from other studies. They have used different approaches to evaluate refactoring activities. Some of them identify committed behavior-preserving transformations in software repositories by using manual analysis, commit messages, or dynamic analysis. Others focus on identifying which refactorings are applied between two programs by using manual inspection or static analysis. In this work, we compare three different approaches based on manual analysis, commit message (Ratzinger's approach) and dynamic analysis (SafeRefactor's approach) to detect whether a pair of versions determines a refactoring, in terms of behavioral preservation. Additionally, we compare two approaches (manual analysis and Ref-Finder) to identify which refactorings are performed in each pair of versions. We perform both comparisons by evaluating their accuracy, precision, and recall in a randomly selected sample of 40 pairs of versions of JHotDraw, and 20 pairs of versions of Apache Common Collections. While the manual analysis presents the best results in both comparisons, it is not as scalable as the automated approaches. Ratzinger's approach is simple and fast, but presents a low recall; differently, SafeRefactor is able to detect most applied refactorings, although limitations in its test generation backend results for some kinds of subjects in low precision values. Ref-Finder presented a low precision and recall in our evaluation.}, number={4}, journal={JOURNAL OF SYSTEMS AND SOFTWARE}, author={Soares, Gustavo and Gheyi, Rohit and Murphy-Hill, Emerson and Johnson, Brittany}, year={2013}, month={Apr}, pages={1006–1022} }
 @inproceedings{witschey_murphy-hill_xiao_2013, title={Conducting interview studies: Challenges, lessons learned, and open questions}, DOI={10.1109/cesi.2013.6618471}, abstractNote={Our recent work uses sociological theories and interview techniques to discover why so few developers use tools that help them write secure code. In this experience report, we describe nine challenges we encountered in planning and conducting an interview study with industrial practitioners, from choosing a population of interest to presenting the work in a way that resonates with the research community. In doing so, we aim to spur discussion in the software engineering research community about common challenges in empirical research and ways to address them.}, booktitle={2013 1st International Workshop on Conducting Empirical Studies in Industry (CESI)}, author={Witschey, J. and Murphy-Hill, E. and Xiao, S. D.}, year={2013}, pages={51–54} }
 @article{murphy-hill_barik_black_2013, title={Interactive ambient visualizations for soft advice}, volume={12}, ISSN={["1473-8724"]}, DOI={10.1177/1473871612469020}, abstractNote={Some software packages offer the user soft advice: recommendations that are intended to help the user create high-quality artifacts but which may turn out to be bad advice. It is left to the user to determine whether the soft advice really will improve quality and to decide whether to adopt it. Visualizations can help the user in making this decision, but we believe that conventional visualizations are less than ideal. In this article, we describe an interactive ambient visualization to help users identify, understand, and interpret soft advice. Our visualization was developed to help programmers interpret code smells, which are indications that a software project may be suffering from design problems. We describe a laboratory experiment with 12 programmers that tests several hypotheses about our visualization. The findings suggest that our tool helps programmers to identify smells more effectively and to make more informed judgments about the design of the program under development. We then describe an application of our visualization technique in another domain: an English style and grammar advisor. This second application suggests that our technique can be applied to several domains and also suggests how the technique must be varied to make it domain specific.}, number={2}, journal={INFORMATION VISUALIZATION}, author={Murphy-Hill, Emerson and Barik, Titus and Black, Andrew P.}, year={2013}, month={Apr}, pages={107–132} }
 @inproceedings{murphy-hill_zimmermann_bird_nagappan_2013, title={The design of bug fixes}, DOI={10.1109/icse.2013.6606579}, abstractNote={When software engineers fix bugs, they may have several options as to how to fix those bugs. Which fix they choose has many implications, both for practitioners and researchers: What is the risk of introducing other bugs during the fix? Is the bug fix in the same code that caused the bug? Is the change fixing the cause or just covering a symptom? In this paper, we investigate alternative fixes to bugs and present an empirical study of how engineers make design choices about how to fix bugs. Based on qualitative interviews with 40 engineers working on a variety of products, data from 6 bug triage meetings, and a survey filled out by 326 engineers, we found a number of factors, many of them non-technical, that influence how bugs are fixed, such as how close to release the software is. We also discuss several implications for research and practice, including ways to make bug prediction and localization more accurate.}, booktitle={Proceedings of the 35th International Conference on software engineering (ICSE 2013)}, author={Murphy-Hill, E. and Zimmermann, T. and Bird, C. and Nagappan, N.}, year={2013}, pages={332–341} }
 @inproceedings{johnson_song_murphy-hill_bowdidge_2013, title={Why don't software developers use static analysis tools to find bugs?}, DOI={10.1109/icse.2013.6606613}, abstractNote={Using static analysis tools for automating code inspections can be beneficial for software engineers. Such tools can make finding bugs, or software defects, faster and cheaper than manual inspections. Despite the benefits of using static analysis tools to find bugs, research suggests that these tools are underused. In this paper, we investigate why developers are not widely using static analysis tools and how current tools could potentially be improved. We conducted interviews with 20 developers and found that although all of our participants felt that use is beneficial, false positives and the way in which the warnings are presented, among other things, are barriers to use. We discuss several implications of these results, such as the need for an interactive mechanism to help developers fix defects.}, booktitle={Proceedings of the 35th International Conference on software engineering (ICSE 2013)}, author={Johnson, B. and Song, Y. and Murphy-Hill, E. and Bowdidge, R.}, year={2013}, pages={672–681} }
 @article{parnin_bird_murphy-hill_2012, title={Adoption and use of Java generics}, volume={18}, ISSN={1382-3256 1573-7616}, url={http://dx.doi.org/10.1007/S10664-012-9236-6}, DOI={10.1007/s10664-012-9236-6}, number={6}, journal={Empirical Software Engineering}, publisher={Springer Science and Business Media LLC}, author={Parnin, Chris and Bird, Christian and Murphy-Hill, Emerson}, year={2012}, month={Dec}, pages={1047–1089} }
 @inproceedings{mealin_murphy-hill_2012, title={An exploratory study of blind software developers}, DOI={10.1109/vlhcc.2012.6344485}, abstractNote={As a research community, we currently know very little about the challenges faced by blind software developers. Without knowing what those challenges are, the community cannot effectively address these challenges. In this paper, we describe the first exploratory empirical study, where we conducted eight interviews with blind software developers to identify aspects of software development that are a challenge. Our results suggest that visually impaired software developers face challenges, for instance, when using screen readers to look up information when writing code. We discuss a variety of implications, including that blind software developers need additional support in discovering relevant software development tools.}, booktitle={2012 IEEE symposium on visual languages and human-centric computing (vl/hcc)}, author={Mealin, S. and Murphy-Hill, E.}, year={2012}, pages={71–74} }
 @inproceedings{murphy-hill_2012, title={Continuous social screencasting to facilitate software tool discovery}, DOI={10.1109/icse.2012.6227090}, abstractNote={The wide variety of software development tools available today have a great potential to improve the way developers make software, but that potential goes unfulfilled when developers are not aware of useful tools. In this paper, I introduce the idea of continuous social screencasting, a novel mechanism to help developers gain awareness of relevant tools by enabling them to learn remotely and asychronously from their peers. The idea builds on the strength of several existing techniques that developers already use for discovering new tools, including screencasts and online social networks.}, booktitle={2012 34th international conference on software engineering (icse)}, author={Murphy-Hill, E.}, year={2012}, pages={1317–1320} }
 @inproceedings{ge_dubose_murphy-hill_2012, title={Reconciling manual and automatic refactoring}, DOI={10.1109/icse.2012.6227192}, abstractNote={Although useful and widely available, refactoring tools are underused. One cause of this underuse is that a developer sometimes fails to recognize that she is going to refactor before she begins manually refactoring. To address this issue, we conducted a formative study of developers' manual refactoring process, suggesting that developers' reliance on “chasing error messages” when manually refactoring is an error-prone manual refactoring strategy. Additionally, our study distilled a set of manual refactoring workflow patterns. Using these patterns, we designed a novel refactoring tool called BeneFactor. BeneFactor detects a developer's manual refactoring, reminds her that automatic refactoring is available, and can complete her refactoring automatically. By alleviating the burden of recognizing manual refactoring, BeneFactor is designed to help solve the refactoring tool underuse problem.}, booktitle={2012 34th international conference on software engineering (icse)}, author={Ge, X. and DuBose, Q. L. and Murphy-Hill, E.}, year={2012}, pages={211–221} }
 @inproceedings{murphy-hill_ayazifar_black_2011, title={Restructuring software with gestures}, DOI={10.1109/vlhcc.2011.6070394}, abstractNote={Refactoring is the process of changing the structure of code without changing its meaning, and is a frequent practice among developers. Although programmers refactor frequently, they usually do not use refactoring tools to automate this process. We argue that the need to recall the name of a refactoring before the appropriate tool can be invoked makes it unnecessarily hard to initiate a refactoring with a tool. Conventional ways of initiating a tool also make it hard to transition from novice tool user to expert tool user. The contribution of this paper is a memorable mapping from gestures to refactorings, and an implementation of that mapping in the form of marking menus. In the first reported experiment to explore the effect of the position of items in marking menus on people's ability to infer the location of those items, we asked 16 programmers to complete a paper-based evaluation of our mapping. The results suggest that programmers can infer the gesture that will invoke the appropriate refactoring tool, even if they do not know the name of the refactoring. We also illustrate how marking menus might be used for refactoring during development with two other small studies.}, booktitle={2011 ieee symposium on visual languages and human-centric computing (vl/hcc 2011)}, author={Murphy-Hill, E. and Ayazifar, M. and Black, A. P.}, year={2011}, pages={165–172} }
 @inproceedings{murphy-hill_black_2010, title={An interactive ambient visualization for code smells}, DOI={10.1145/1879211.1879216}, abstractNote={Code smells are characteristics of software that indicate that code may have a design problem. Code smells have been proposed as a way for programmers to recognize the need for restructuring their software. Because code smells can go unnoticed while programmers are working, tools called smell detectors have been developed to alert programmers to the presence of smells in their code, and to help them understand the cause of those smells. In this paper, we propose a novel smell detector called Stench Blossom that provides an interactive ambient visualization designed to first give programmers a quick, high-level overview of the smells in their code, and then, if they wish, to help in understanding the sources of those code smells. We also describe a laboratory experiment with 12 programmers that tests several hypotheses about our tool. Our findings suggest that programmers can use our tool effectively to identify smells and to make refactoring judgements. This is partly because the tool serves as a memory aid, and partly because it is more reliable and easier to use than heuristics for analyzing smells.}, booktitle={Softvis 2010: Proceedings of the 2010 International Symposium on Software Visualization}, author={Murphy-Hill, E. and Black, A. P.}, year={2010}, pages={5–14} }
 @article{cushing_nadkarni_finch_fiala_murphy-hill_delcambre_maier_2007, title={Component-based end-user database design for ecologists}, volume={29}, ISSN={0925-9902 1573-7675}, url={http://dx.doi.org/10.1007/S10844-006-0028-6}, DOI={10.1007/S10844-006-0028-6}, number={1}, journal={Journal of Intelligent Information Systems}, publisher={Springer Science and Business Media LLC}, author={Cushing, Judith Bayard and Nadkarni, Nalini and Finch, Michael and Fiala, Anne and Murphy-Hill, Emerson and Delcambre, Lois and Maier, David}, year={2007}, month={Feb}, pages={7–24} }