SlideShare a Scribd company logo

Mining Fix Patterns for FindBugs Violations

Dongsun Kim
Dongsun Kim

Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs being overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is lack of a systematic way to investigate the distributions on existing violations and fixed ones in the wild, that can provide insights into prioritizing violations for developers, and an effective way to mine code and fix patterns which can help developers easily understand the reasons of leading violations and how to fix them. In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal that there are discrepancies in the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can provide insights into prioritizing violations. To automatically identify patterns in violations and their fixes, we propose an approach that utilizes convolutional neural networks to learn features and clustering to regroup similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers will accept and merge a majority (69/116) of fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in the Defects4J major benchmark for software testing and automated repair.

Technology
1 of 59
Download to read offline
Mining Fix Patterns for 
 FindBugsViolations logotype of the University of Luxembourg 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg 2 School of Computing, KAIST, Daejeon, Republic of Korea Kui Liu1, Dongsun Kim1, Tegawendé F. Bissyandé1, 
 Shin Yoo2, Yves Le Traon1 29th May 2019
2 Static Analysis Tools
2 Static Analysis Tools Error Prone
2 Static Analysis Tools Error Prone Useful to detect common bugs/defects.
3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations Developers may (or may not) change source code to fix the violations.
3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin. Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning. F ODUCTION oftware projects widely use static code analysis ssess software quality and identify potential de- eral commercial [1], [2], [3] and open-source [4], ] tools are integrated into many software projects, operating system development projects [8]. For Java-based projects often adopt FindBugs [4] or while C projects use Splint [6], cppcheck [7], Static Analyzer [9], while Linux driver code matically assessed with a battery of static analyzers parse and the LDV toolkit. Developers may benefit tools before running a program in real environ- en though those tools do not guarantee that all defects are real bugs [10]. analysis can detect several types of defects such y vulnerabilities, performance issues, and bad ming practices (so-called code smells) [11]. Re- es denote those defects as static analysis viola- public boolean equals(Object obj) { // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( Example Developers may (or may not) change source code to fix the violations.
3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin. Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning. F ODUCTION oftware projects widely use static code analysis ssess software quality and identify potential de- eral commercial [1], [2], [3] and open-source [4], ] tools are integrated into many software projects, operating system development projects [8]. For Java-based projects often adopt FindBugs [4] or while C projects use Splint [6], cppcheck [7], Static Analyzer [9], while Linux driver code matically assessed with a battery of static analyzers parse and the LDV toolkit. Developers may benefit tools before running a program in real environ- en though those tools do not guarantee that all defects are real bugs [10]. analysis can detect several types of defects such y vulnerabilities, performance issues, and bad ming practices (so-called code smells) [11]. Re- es denote those defects as static analysis viola- public boolean equals(Object obj) { // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( Example Developers may (or may not) change source code to fix the violations. n software projects widely use static code analysis o assess software quality and identify potential de- everal commercial [1], [2], [3] and open-source [4], [7] tools are integrated into many software projects, ng operating system development projects [8]. For e, Java-based projects often adopt FindBugs [4] or ] while C projects use Splint [6], cppcheck [7], ng Static Analyzer [9], while Linux driver code tematically assessed with a battery of static analyzers Sparse and the LDV toolkit. Developers may benefit he tools before running a program in real environ- even though those tools do not guarantee that all ed defects are real bugs [10]. ic analysis can detect several types of defects such urity vulnerabilities, performance issues, and bad mming practices (so-called code smells) [11]. Re- udies denote those defects as static analysis viola- 12] or alerts [13]. In the remainder of this paper, ply refer to them as violations. Fig. 1 shows a viola- stance, detected by FindBugs, which is a violation BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS, oes not comply with the programming rule that the mentation of method equals(Object obj) should ke any assumption about the type of its obj argu- // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( - ((ModuleWrapper) obj).getModule()); + return obj instanceof ModuleWrapper && + getModule().equals( + ((ModuleWrapper) obj).getModule()); } Fig. 2: Example of fixing violation, taken from Commit 0fd11c of project nbm-maven-plugin. Commit 0fd11c of project nbm-maven-plugin Example
4 How to fix them? FindBugs
4 How to fix them? FindBugs
4 How to fix them? FindBugs
5 Fixing based on bug description?
6 Fixing based on bug description?
6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
7 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method. Requires strong background knowledge. Provides not enough details.
8 Revision History Collecting violation-fixing changes
9 Revision History Program before changes Collecting violation-fixing changes
10 Revision History Program before changes FindBugs
11 Revision History Program before changes
12 Revision History Program before changes Patches
13 Revision History Program before changes
14 Revision History Program before changes Program after changes FindBugs
15 Revision History Program before changes Program after changes
15 Revision History Program before changes Program after changes
16 Revision History Program before changes Program after changes
17 Revision History Idea: Mining violation-fixing changes patterns
17 Revision History Idea: Mining violation-fixing changes patterns
17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes
17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes
17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining
17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining
17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining Fix Patterns
Approach 18
Approach 18
19 Overview
20 … … … … … … … Projects Commits Collecting violations with a static analysis tool SATool Violations Collecting violations
20 … … … … … … … Projects Commits Collecting violations with a static analysis tool SATool Violations Collecting violations <ViolationInstance> <ViolationType> BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS </ViolationType> <ProjectName> nbm-maven-plugin</ProjectName> <CommitVersionID>bdf3fe</CommitVersionID> <FilePath>nb-repository-plugin/src/main/java/org/ codehaus/mojo/nbm/repository/PopulateRepository Mojo.java</FilePath> <StartLineNumber>1195</StartLineNumber> <EndLineNumber>1195</EndLineNumber> </ViolationInstance>
21 Tracking violations Identify identical violations between revisions*. Detect whether a violation is fixed, or just removed. [*] P. Avgustinov, A. I. Baars, A. S. Henriksen, G. Lavender, G. Menzel, O. de Moor, M. Schfer, and J. Tibble, “Tracking Static Analysis Violations over Time to Capture Developer Characteristics,” in Proceedings of the 37th International Conference on Software Engineering, 2015, pp. 437–447. 

22 Parsing changes (i.e., patches) UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression We used GumTree* to identify AST-level changes. [*] J.-R. Falleri, F. Morandat, X. Blanc, M. Martinez, and M. Monperrus, “Fine-grained and accurate source code differencing,” in ACM/IEEE International Conference on Automated Software Engineering. Vasteras, Sweden - September 15 - 19: ACM, 2014, pp. 313–324.
23 Tokenizing change information UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression
23 Tokenizing change information [UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INSVariable, INS Operator, INS SimpleType, MOV MethodInvocation] UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression Token Embedding (Word2Vec) <2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
23 Tokenizing change information [UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INSVariable, INS Operator, INS SimpleType, MOV MethodInvocation] UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression Token Embedding (Word2Vec) <2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
24 … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information
24 … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information
25 Clustering Patches and Identifying Fix Patterns Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS Patch Example: - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1(). equals(((T)obj).exp2()); Fix Pattern###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator [*] D. Pelleg, A. W. Moore et al., “X-means: Extending k-means with efficient estimation of the number of clusters.” in ICML, vol. 1, 2000, pp. 727–734. *
26 Evaluation
27hese violations, as a result, 16,918,530 distinct e identified. ABLE 1: Subjects used in this study. # Projects 730 # Commits 291,615 # Violations (detected) 250,387,734 # Distinct violations 16,918,530 # Violations types 400 Subjects Collected from GitHub.com. With at least one violation fixing commits.
28 Fix Patterns Identified Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS Patch Example: - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1().equals(((T)obj).exp2()); Fix Pattern###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator We have identified 174 fix patterns for 111 violation types. Example
29
30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 Note that our fix patterns are extracted only from violation fixing patterns. [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
31 Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32
31 Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32
32 Summary X Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32 X … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information X Overview X Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
33 Tool and Data https://github.com/FixPattern/findbugs-violations
34 https://www.darkrsw.net http://wwwen.uni.lu/snt/ research/serval Université du Luxembourg 1.1 - logotype of the University of Luxembourg The logotype may not be altered under any circumstances. It is to be used like this for all communication mediums. Université du Luxembourg © 03/2013 3.1 - the Interdisciplinary Centre for Security Reliability and Trust The SnT uses its own logo. It is used on all external communication tools in combination with the UL logo. Design guidelines are available at SnT. Hire me! Hiring

Recommended

TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairDongsun Kim
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationDongsun Kim
 
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 

Recommended

TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairDongsun Kim
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationDongsun Kim
 
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsDongsun Kim
 
Automated Program Repair Keynote talk
Automated Program Repair Keynote talkAutomated Program Repair Keynote talk
Automated Program Repair Keynote talkAbhik Roychoudhury
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaaBagusBudi11
 
Opal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarksOpal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarksMichaelEichberg1
 
Cppcheck and PVS-Studio compared
Cppcheck and PVS-Studio comparedCppcheck and PVS-Studio compared
Cppcheck and PVS-Studio comparedPVS-Studio
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsDacong (Tony) Yan
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysisRaghu Palakodety
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Sung Kim
 
Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareAndrey Karpov
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand
 
Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours? Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours? Rogue Wave Software
 
Headache from using mathematical software
Headache from using mathematical softwareHeadache from using mathematical software
Headache from using mathematical softwarePVS-Studio
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Sung Kim
 
Repair dagstuhl jan2017
Repair dagstuhl jan2017Repair dagstuhl jan2017
Repair dagstuhl jan2017Abhik Roychoudhury
 
Mobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteMobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteAbhik Roychoudhury
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim
 
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 
How to Profit from Static Analysis
How to Profit from Static AnalysisHow to Profit from Static Analysis
How to Profit from Static AnalysisElena Laskavaia
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programsPVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codeAndrey Karpov
 

More Related Content

What's hot

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsDongsun Kim
 
Automated Program Repair Keynote talk
Automated Program Repair Keynote talkAutomated Program Repair Keynote talk
Automated Program Repair Keynote talkAbhik Roychoudhury
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaaBagusBudi11
 
Opal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarksOpal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarksMichaelEichberg1
 
Cppcheck and PVS-Studio compared
Cppcheck and PVS-Studio comparedCppcheck and PVS-Studio compared
Cppcheck and PVS-Studio comparedPVS-Studio
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsDacong (Tony) Yan
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysisRaghu Palakodety
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Sung Kim
 
Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareAndrey Karpov
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand
 
Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours? Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours? Rogue Wave Software
 
Headache from using mathematical software
Headache from using mathematical softwareHeadache from using mathematical software
Headache from using mathematical softwarePVS-Studio
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Sung Kim
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim
 
How to Profit from Static Analysis
How to Profit from Static AnalysisHow to Profit from Static Analysis
How to Profit from Static AnalysisElena Laskavaia
 

What's hot (20)

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
 
Automated Program Repair Keynote talk
Automated Program Repair Keynote talkAutomated Program Repair Keynote talk
Automated Program Repair Keynote talk
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error prediction
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaa
 
Opal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarksOpal Hermes - towards representative benchmarks
Opal Hermes - towards representative benchmarks
 
Cppcheck and PVS-Studio compared
Cppcheck and PVS-Studio comparedCppcheck and PVS-Studio compared
Cppcheck and PVS-Studio compared
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)
 
Tesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition SoftwareTesseract. Recognizing Errors in Recognition Software
Tesseract. Recognizing Errors in Recognition Software
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
 
Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours? Static analysis works for mission-critical systems, why not yours?
Static analysis works for mission-critical systems, why not yours?
 
Headache from using mathematical software
Headache from using mathematical softwareHeadache from using mathematical software
Headache from using mathematical software
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
 
Repair dagstuhl jan2017
Repair dagstuhl jan2017Repair dagstuhl jan2017
Repair dagstuhl jan2017
 
Mobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteMobilesoft 2017 Keynote
Mobilesoft 2017 Keynote
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash Reproduction
 
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
 
How to Profit from Static Analysis
How to Profit from Static AnalysisHow to Profit from Static Analysis
How to Profit from Static Analysis
 

Similar to Mining Fix Patterns for FindBugs Violations

Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programsPVS-Studio
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codeAndrey Karpov
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopPVS-Studio
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysisalice yang
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioPVS-Studio
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellPVS-Studio
 
Machine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source CodeMachine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source CodeAndrey Karpov
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2Akhil Mittal
 
Chapter 10 Testing and Quality Assurance1Unders.docx
Chapter 10 Testing and Quality Assurance1Unders.docxChapter 10 Testing and Quality Assurance1Unders.docx
Chapter 10 Testing and Quality Assurance1Unders.docxketurahhazelhurst
 
Traps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsTraps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsPVS-Studio
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EnginePVS-Studio
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynPVS-Studio
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team developmentPVS-Studio
 
Problems of testing 64-bit applications
Problems of testing 64-bit applicationsProblems of testing 64-bit applications
Problems of testing 64-bit applicationsPVS-Studio
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptxmarawanwael
 
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...Artemisa Yescas Engler
 
7a Good Programming Practice.pptx
7a Good Programming Practice.pptx7a Good Programming Practice.pptx
7a Good Programming Practice.pptxDylanTilbury1
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSijseajournal
 

Similar to Mining Fix Patterns for FindBugs Violations (20)

Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programs
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysis
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioAnalysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-Studio
 
We continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShellWe continue checking Microsoft projects: analysis of PowerShell
We continue checking Microsoft projects: analysis of PowerShell
 
Machine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source CodeMachine Learning in Static Analysis of Program Source Code
Machine Learning in Static Analysis of Program Source Code
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
 
Chapter 10 Testing and Quality Assurance1Unders.docx
Chapter 10 Testing and Quality Assurance1Unders.docxChapter 10 Testing and Quality Assurance1Unders.docx
Chapter 10 Testing and Quality Assurance1Unders.docx
 
Traps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit WindowsTraps detection during migration of C and C++ code to 64-bit Windows
Traps detection during migration of C and C++ code to 64-bit Windows
 
Static analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal EngineStatic analysis as part of the development process in Unreal Engine
Static analysis as part of the development process in Unreal Engine
 
New Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning RoslynNew Year PVS-Studio 6.00 Release: Scanning Roslyn
New Year PVS-Studio 6.00 Release: Scanning Roslyn
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Problems of testing 64-bit applications
Problems of testing 64-bit applicationsProblems of testing 64-bit applications
Problems of testing 64-bit applications
 
debuggingSession.pptx
debuggingSession.pptxdebuggingSession.pptx
debuggingSession.pptx
 
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...
Reading Summary - Static Analysis to find Bugs & ROI Models for Static Analys...
 
7a Good Programming Practice.pptx
7a Good Programming Practice.pptx7a Good Programming Practice.pptx
7a Good Programming Practice.pptx
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Mining Fix Patterns for FindBugs Violations

  • 1. Mining Fix Patterns for 
 FindBugsViolations logotype of the University of Luxembourg 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg 2 School of Computing, KAIST, Daejeon, Republic of Korea Kui Liu1, Dongsun Kim1, Tegawendé F. Bissyandé1, 
 Shin Yoo2, Yves Le Traon1 29th May 2019
  • 4. 2 Static Analysis Tools Error Prone Useful to detect common bugs/defects.
  • 5. 3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations Developers may (or may not) change source code to fix the violations.
  • 6. 3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin. Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning. F ODUCTION oftware projects widely use static code analysis ssess software quality and identify potential de- eral commercial [1], [2], [3] and open-source [4], ] tools are integrated into many software projects, operating system development projects [8]. For Java-based projects often adopt FindBugs [4] or while C projects use Splint [6], cppcheck [7], Static Analyzer [9], while Linux driver code matically assessed with a battery of static analyzers parse and the LDV toolkit. Developers may benefit tools before running a program in real environ- en though those tools do not guarantee that all defects are real bugs [10]. analysis can detect several types of defects such y vulnerabilities, performance issues, and bad ming practices (so-called code smells) [11]. Re- es denote those defects as static analysis viola- public boolean equals(Object obj) { // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( Example Developers may (or may not) change source code to fix the violations.
  • 7. 3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin. Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning. F ODUCTION oftware projects widely use static code analysis ssess software quality and identify potential de- eral commercial [1], [2], [3] and open-source [4], ] tools are integrated into many software projects, operating system development projects [8]. For Java-based projects often adopt FindBugs [4] or while C projects use Splint [6], cppcheck [7], Static Analyzer [9], while Linux driver code matically assessed with a battery of static analyzers parse and the LDV toolkit. Developers may benefit tools before running a program in real environ- en though those tools do not guarantee that all defects are real bugs [10]. analysis can detect several types of defects such y vulnerabilities, performance issues, and bad ming practices (so-called code smells) [11]. Re- es denote those defects as static analysis viola- public boolean equals(Object obj) { // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( Example Developers may (or may not) change source code to fix the violations. n software projects widely use static code analysis o assess software quality and identify potential de- everal commercial [1], [2], [3] and open-source [4], [7] tools are integrated into many software projects, ng operating system development projects [8]. For e, Java-based projects often adopt FindBugs [4] or ] while C projects use Splint [6], cppcheck [7], ng Static Analyzer [9], while Linux driver code tematically assessed with a battery of static analyzers Sparse and the LDV toolkit. Developers may benefit he tools before running a program in real environ- even though those tools do not guarantee that all ed defects are real bugs [10]. ic analysis can detect several types of defects such urity vulnerabilities, performance issues, and bad mming practices (so-called code smells) [11]. Re- udies denote those defects as static analysis viola- 12] or alerts [13]. In the remainder of this paper, ply refer to them as violations. Fig. 1 shows a viola- stance, detected by FindBugs, which is a violation BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS, oes not comply with the programming rule that the mentation of method equals(Object obj) should ke any assumption about the type of its obj argu- // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( - ((ModuleWrapper) obj).getModule()); + return obj instanceof ModuleWrapper && + getModule().equals( + ((ModuleWrapper) obj).getModule()); } Fig. 2: Example of fixing violation, taken from Commit 0fd11c of project nbm-maven-plugin. Commit 0fd11c of project nbm-maven-plugin Example
  • 8. 4 How to fix them? FindBugs
  • 9. 4 How to fix them? FindBugs
  • 10. 4 How to fix them? FindBugs
  • 11. 5 Fixing based on bug description?
  • 12. 6 Fixing based on bug description?
  • 13. 6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
  • 14. 6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
  • 15. 6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
  • 16. 6 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
  • 17. 7 Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method. Requires strong background knowledge. Provides not enough details.
  • 30. 17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes
  • 31. 17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes
  • 32. 17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining
  • 33. 17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining
  • 34. 17 Revision History Idea: Mining violation-fixing changes patterns Violation-fixing Changes Pattern Mining Fix Patterns
  • 38. 20 … … … … … … … Projects Commits Collecting violations with a static analysis tool SATool Violations Collecting violations
  • 39. 20 … … … … … … … Projects Commits Collecting violations with a static analysis tool SATool Violations Collecting violations <ViolationInstance> <ViolationType> BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS </ViolationType> <ProjectName> nbm-maven-plugin</ProjectName> <CommitVersionID>bdf3fe</CommitVersionID> <FilePath>nb-repository-plugin/src/main/java/org/ codehaus/mojo/nbm/repository/PopulateRepository Mojo.java</FilePath> <StartLineNumber>1195</StartLineNumber> <EndLineNumber>1195</EndLineNumber> </ViolationInstance>
  • 40. 21 Tracking violations Identify identical violations between revisions*. Detect whether a violation is fixed, or just removed. [*] P. Avgustinov, A. I. Baars, A. S. Henriksen, G. Lavender, G. Menzel, O. de Moor, M. Schfer, and J. Tibble, “Tracking Static Analysis Violations over Time to Capture Developer Characteristics,” in Proceedings of the 37th International Conference on Software Engineering, 2015, pp. 437–447. 

  • 41. 22 Parsing changes (i.e., patches) UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression We used GumTree* to identify AST-level changes. [*] J.-R. Falleri, F. Morandat, X. Blanc, M. Martinez, and M. Monperrus, “Fine-grained and accurate source code differencing,” in ACM/IEEE International Conference on Automated Software Engineering. Vasteras, Sweden - September 15 - 19: ACM, 2014, pp. 313–324.
  • 42. 23 Tokenizing change information UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression
  • 43. 23 Tokenizing change information [UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INSVariable, INS Operator, INS SimpleType, MOV MethodInvocation] UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression Token Embedding (Word2Vec) <2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
  • 44. 23 Tokenizing change information [UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INSVariable, INS Operator, INS SimpleType, MOV MethodInvocation] UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());” ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement ------INS InstanceofExpression@@”obj instanceof ModuleWrapper ” to InfixExpression ---------INS Variable@@”obj” to InstanceofExpression ---------INS Operator@@”instanceof” to InstanceofExpression ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression ------MOV MethodInvocation@@” getModule().equals(…)” to InfixExpression Token Embedding (Word2Vec) <2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
  • 45. 24 … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information
  • 46. 24 … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information
  • 47. 25 Clustering Patches and Identifying Fix Patterns Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS Patch Example: - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1(). equals(((T)obj).exp2()); Fix Pattern###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator [*] D. Pelleg, A. W. Moore et al., “X-means: Extending k-means with efficient estimation of the number of clusters.” in ICML, vol. 1, 2000, pp. 727–734. *
  • 49. 27hese violations, as a result, 16,918,530 distinct e identified. ABLE 1: Subjects used in this study. # Projects 730 # Commits 291,615 # Violations (detected) 250,387,734 # Distinct violations 16,918,530 # Violations types 400 Subjects Collected from GitHub.com. With at least one violation fixing commits.
  • 50. 28 Fix Patterns Identified Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS Patch Example: - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1().equals(((T)obj).exp2()); Fix Pattern###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator We have identified 174 fix patterns for 111 violation types. Example
  • 51. 29
  • 52. 30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
  • 53. 30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
  • 54. 30 Comparison (Defects4J) Chart Closure Lang Math Mokito Time Total AVATAR* 5 8 5 6 2 1 27 CapGen 4 0 5 12 0 0 21 Nopol 1 0 3 1 0 0 5 ACS 2 0 3 12 0 1 18 SimFix 4 6 9 14 0 1 34 Note that our fix patterns are extracted only from violation fixing patterns. [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandè, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
  • 55. 31 Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32
  • 56. 31 Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32
  • 57. 32 Summary X Live Study Subject # Pull Requests Submitted Merged Improved Rejected Ignored json-simple 2 2 commons-io 2 2 commons-lang 7 1 1 5 commons-math 6 6 ant 16 9 1 4 2 cassandra 9 9 mahout 3 3 aries 5 5 poi 44 44 camel 22 14 8 Total 116 67 2 15 32 X … … n × k (a two-dimensional numeric vector) Input layer C1: 4 feature maps S1: 4 feature maps C2: 6 feature maps S2: 6 feature maps Convolutional layer Convolutional layerSubsampling layer Subsampling layer Fully connected layers Output layer UPD ReturnStatement INS InfixExpression INS InstanceofExpression INS Variable INS Operator INS SimpleType MOV MethodInvocation INSMethod 0 0 0 0 0 0 Dense layer Output is extracted features Embedding change information X Overview X Fixing based on bug description? BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS) The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this. BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK) This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'. CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM) Class implements Cloneable but does not define or use the clone method.
  • 59. 34 https://www.darkrsw.net http://wwwen.uni.lu/snt/ research/serval Université du Luxembourg 1.1 - logotype of the University of Luxembourg The logotype may not be altered under any circumstances. It is to be used like this for all communication mediums. Université du Luxembourg © 03/2013 3.1 - the Interdisciplinary Centre for Security Reliability and Trust The SnT uses its own logo. It is used on all external communication tools in combination with the UL logo. Design guidelines are available at SnT. Hire me! Hiring