Automatic Identification of Bug-Introducing Changes

Thomas Zimmermann
Thomas ZimmermannResearcher at Microsoft Research
Automatic Identification of Bug-Introducing Changes Sunghun Kim Kai Pan E. James Whitehead, Jr. University of California, Santa Cruz, USA Tom Zimmermann Saarland University, Saarbrücken, Germany
Motivation Bugs
Motivation Statistics Bugs
Motivation Statistics Detection Bugs
Motivation Statistics Detection Bugs Prediction
Motivation Statistics Detection Bugs Prediction Analysis
Motivation Statistics Detection Bugs Observation Prediction Analysis
So far: Focus on fixes teicher 2003-10-29 16:11:01 fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly
So far: Focus on fixes teicher 2003-10-29 16:11:01 fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly Fixes give only the location of a defect, not when it was introduced.
Bug-introducing changes BUG-INTRODUCING ... if (foo==null) { foo.bar(); ...
Bug-introducing changes BUG-INTRODUCING FIX ... ... later fixed if (foo==null) { if (foo!=null) { foo.bar(); foo.bar(); ... ...
Bug-introducing changes BUG-INTRODUCING FIX ... ... later fixed if (foo==null) { if (foo!=null) { foo.bar(); foo.bar(); ... ... Bug-introducing changes are changes that lead to problems as indicated by later fixes.
Life-cycle of a “bug”
Life-cycle of a “bug” BUG-INTRODUCING CHANGE
Life-cycle of a “bug” BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly BUG-INTRODUCING CHANGE
Life-cycle of a “bug” BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly BUG-INTRODUCING FIX CHANGE CHANGE
The SZZ algorithm 1.18 FIXED BUG 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.18 FIXED BUG 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.18 FIXED BUG 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 FIXED BUG 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG FIXED BUG INTRO 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG BUG FIXED BUG INTRO INTRO 42233
The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
The SZZ algorithm 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
The SZZ algorithm submitted closed BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
The SZZ algorithm submitted closed BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly 1.11 1.14 1.16 1.18 BUGREMOVE BUG BUG FIXED BUG INTRO INTRO POSITIVES INTRO 42233 FALSE
Drawbacks of SZZ Annotation by SCMs is insufficient. (line number in bug-introducing revision is missing)
Drawbacks of SZZ Annotation by SCMs is insufficient. (line number in bug-introducing revision is missing) Not all modifications are fixes. (blank lines, comments, etc.)
False negatives and positives Correct False negatives False positives BUG-INTRODUCING BUGS
An example BUG-INTRODUCING void bar() { if (val==null) { println(val); } ... Revision 7: tom - introduces the defects
An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print value println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect The originial SZZ algorithm has too many false positives (rev 23) and false negatives (rev 7).
Our study COLUMBA ECLIPSE (jdt.core) Project Software type Email client IDE Investigated period 11/2002-06/2003 06/2001-03/2002 Number of revisions 500 1000 Number of fixes 143 (29%) 158 (16%) Average LOC 48,135 111,059
Annotation graphs
Annotation graphs fixed revisions
Annotation graphs foo() fixed revisions
Annotation graphs bar() renamed to foo() foo() fixed revisions
Annotation graphs bar() bar() renamed to foo() foo() fixed revisions
Annotation graphs bar() bar() renamed to foo() foo() fixed revisions SZZ reports a bug-introducing change for foo (false positive) but not for bar (false negative).
Annotation graphs bar() bar() renamed to foo() foo() fixed revisions Using annotation graphs we can remove 2% as false positives and identifies further 1%~4%.
Comments & blank lines public void notifySourceElementRequestor() { - + if (reportReferenceInfo) { + notifyAllUnknownReferences(); +} // collect the top level ast nodes int length = 0;
Comments & blank lines public void notifySourceElementRequestor() { - + if (reportReferenceInfo) { + notifyAllUnknownReferences(); +} // collect the top level ast nodes int length = 0; Ignoring comments and blank lines removes 14%~20% as false positives.
Format changes BUG-INTRODUCING if ( a==true ) return;
Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return;
Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE POSITIVE
Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE FALSE NEGATIVE POSITIVE
Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE FALSE NEGATIVE POSITIVE Ignoring format changes removes 18%~25% as false positives and identifies further 13%~14%.
Fixes that affect many files Most large fixes are refactoring - public boolean visit(TypeDeclaration - typeDeclaration, BlockScope scope){ + public boolean visit(LocalTypeDeclaration + typeDeclaration, BlockScope scope){
Fixes that affect many files Most large fixes are refactoring - public boolean visit(TypeDeclaration - typeDeclaration, BlockScope scope){ + public boolean visit(LocalTypeDeclaration + typeDeclaration, BlockScope scope){ Ignoring fixes that affect many files (=more than five times the median) removes 7%~16% as false positives
Automatic Identification of Bug-Introducing Changes
Manual inspection of fixes Two judges check whether a fix is actually a fix. deleteResources(actualNonJavaResources,fForce); - IResource[] remaingFiles; + IResource[] remainingFiles;  try { - remaingFiles=((IFolder)res).members(); + remainingFiles=((IFolder)res).members(); }
Manual inspection of fixes Two judges check whether a fix is actually a fix. deleteResources(actualNonJavaResources,fForce); - IResource[] remaingFiles; + IResource[] remainingFiles;  try { - remaingFiles=((IFolder)res).members(); + remainingFiles=((IFolder)res).members(); } Manual inspection of fixes removes only 4%~5% as false positives.
Putting it together ASE SZZ BUGS
Putting it together False negatives of SZZ: 14% ASE SZZ BUGS
Putting it together False negatives of SZZ: 14% False positives of SZZ: 38%~51% ASE SZZ BUGS
Putting it together False negatives of SZZ: 14% False positives of SZZ: 38%~51% ASE SZZ Automatically we can remove 36%~48% as BUGS false positive.
Don’t program on Fridays ;-) Monday 11.3% Tuesday 10.4% Wednesday 11.1% Thursday 12.1% Friday 12.2% Saturday 11.7% Sunday 11.6% 0% 2.5% 5.0% 7.5% 10.0% 12.5% 15.0% Percentage of bug-introducing changes
Don’t program on Fridays ;-) Monday 11.3% Tuesday 10.4% Wednesday 11.1% Thursday 12.1% Friday 12.2% Saturday 11.7% Sunday 11.6% 0% 2.5% 5.0% 7.5% 10.0% 12.5% 15.0% Percentage of bug-introducing changes
Defect-prone authors Authors (anonymized) Fry Leela Bender Amy 0% 10% 20% 30% 40% 50% 60% 70% 80% Frequency Bug-Introducing changes Fix changes
Risk awareness “Safe” Location (green) Risky Location (dark red)
Change classification
Change classification bug-introducing (“bad”) X X X X
Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X
Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X new change
Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X new change PREDICT QUALITY
Conclusions
Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location.
Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions.
Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions. • Bug-introducing changes are useful for defect prediction and software evolution.
More minin g @A Frida SE: y mo Conclusions rning . • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions. • Bug-introducing changes are useful for defect prediction and software evolution.
1 of 72

Automatic Identification of Bug-Introducing Changes

Download to read offline
TechnologyEntertainment & Humor

Presented at ASE 2006.

Thomas Zimmermann
Thomas ZimmermannResearcher at Microsoft Research

Recommended

Of class3 by
Of class3Of class3
Of class3Janet Huang
644 views15 slides
Debugging: Or How I Learned To Stop Worrying and Love EXC_BAD_ACCESS by
Debugging: Or How I Learned To Stop Worrying and Love EXC_BAD_ACCESSDebugging: Or How I Learned To Stop Worrying and Love EXC_BAD_ACCESS
Debugging: Or How I Learned To Stop Worrying and Love EXC_BAD_ACCESSartgillespie
1.8K views27 slides
The history of asynchronous JavaScript by
The history of asynchronous JavaScriptThe history of asynchronous JavaScript
The history of asynchronous JavaScriptGreeceJS
710 views43 slides
How to stop debugging asynchronous code and start living, Andrey Salomatin, B... by
How to stop debugging asynchronous code and start living, Andrey Salomatin, B...How to stop debugging asynchronous code and start living, Andrey Salomatin, B...
How to stop debugging asynchronous code and start living, Andrey Salomatin, B...MoscowJS
779 views110 slides
Exceptions by
ExceptionsExceptions
Exceptionsnotshoaib
549 views31 slides
BSides algiers - Malware History - Sofiane Talmat by
BSides algiers - Malware History - Sofiane TalmatBSides algiers - Malware History - Sofiane Talmat
BSides algiers - Malware History - Sofiane TalmatShellmates
2.3K views41 slides

More Related Content

What's hot

Dalvik Source Code Reading by
Dalvik Source Code ReadingDalvik Source Code Reading
Dalvik Source Code Readingkishima7
2.5K views22 slides
5 Cool Things About PLSQL by
5 Cool Things About PLSQL5 Cool Things About PLSQL
5 Cool Things About PLSQLConnor McDonald
95 views95 slides
BSides Algiers - Stuxnet - Sofiane Talmat by
BSides Algiers - Stuxnet - Sofiane TalmatBSides Algiers - Stuxnet - Sofiane Talmat
BSides Algiers - Stuxnet - Sofiane TalmatShellmates
735 views20 slides
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートII by
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートIIopenFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートII
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートIIAtsushi Tadokoro
10.1K views63 slides
Flappy bird by
Flappy birdFlappy bird
Flappy birdSantiagoYepesSerna
84 views8 slides
I am the 100% [*] by Chris Evans & Natalie Silvanovich by
I am the 100% [*] by Chris Evans & Natalie SilvanovichI am the 100% [*] by Chris Evans & Natalie Silvanovich
I am the 100% [*] by Chris Evans & Natalie SilvanovichShakacon
1.6K views73 slides

What's hot(7)

Dalvik Source Code Reading by kishima7
Dalvik Source Code ReadingDalvik Source Code Reading
Dalvik Source Code Reading
kishima72.5K views
5 Cool Things About PLSQL by Connor McDonald
5 Cool Things About PLSQL5 Cool Things About PLSQL
5 Cool Things About PLSQL
Connor McDonald95 views
BSides Algiers - Stuxnet - Sofiane Talmat by Shellmates
BSides Algiers - Stuxnet - Sofiane TalmatBSides Algiers - Stuxnet - Sofiane Talmat
BSides Algiers - Stuxnet - Sofiane Talmat
Shellmates735 views
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートII by Atsushi Tadokoro
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートIIopenFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートII
openFrameworks – パーティクルを動かす、静的配列と動的配列 - 多摩美メディアアートII
Atsushi Tadokoro10.1K views
Flappy bird by SantiagoYepesSerna
Flappy birdFlappy bird
Flappy bird
SantiagoYepesSerna84 views
I am the 100% [*] by Chris Evans & Natalie Silvanovich by Shakacon
I am the 100% [*] by Chris Evans & Natalie SilvanovichI am the 100% [*] by Chris Evans & Natalie Silvanovich
I am the 100% [*] by Chris Evans & Natalie Silvanovich
Shakacon1.6K views
Tetcon2016 160104 by Bordeaux I
Tetcon2016 160104Tetcon2016 160104
Tetcon2016 160104
Bordeaux I160 views

More from Thomas Zimmermann

Software Analytics = Sharing Information by
Software Analytics = Sharing InformationSoftware Analytics = Sharing Information
Software Analytics = Sharing InformationThomas Zimmermann
3.3K views74 slides
MSR 2013 Preview by
MSR 2013 PreviewMSR 2013 Preview
MSR 2013 PreviewThomas Zimmermann
21.8K views14 slides
Predicting Method Crashes with Bytecode Operations by
Predicting Method Crashes with Bytecode OperationsPredicting Method Crashes with Bytecode Operations
Predicting Method Crashes with Bytecode OperationsThomas Zimmermann
2.3K views26 slides
Analytics for smarter software development by
Analytics for smarter software development Analytics for smarter software development
Analytics for smarter software development Thomas Zimmermann
2.6K views68 slides
Characterizing and Predicting Which Bugs Get Reopened by
Characterizing and Predicting Which Bugs Get ReopenedCharacterizing and Predicting Which Bugs Get Reopened
Characterizing and Predicting Which Bugs Get ReopenedThomas Zimmermann
2K views32 slides
Klingon Countdown Timer by
Klingon Countdown TimerKlingon Countdown Timer
Klingon Countdown TimerThomas Zimmermann
1.3K views28 slides

More from Thomas Zimmermann(20)

Software Analytics = Sharing Information by Thomas Zimmermann
Software Analytics = Sharing InformationSoftware Analytics = Sharing Information
Software Analytics = Sharing Information
Thomas Zimmermann3.3K views
MSR 2013 Preview by Thomas Zimmermann
MSR 2013 PreviewMSR 2013 Preview
MSR 2013 Preview
Thomas Zimmermann21.8K views
Predicting Method Crashes with Bytecode Operations by Thomas Zimmermann
Predicting Method Crashes with Bytecode OperationsPredicting Method Crashes with Bytecode Operations
Predicting Method Crashes with Bytecode Operations
Thomas Zimmermann2.3K views
Analytics for smarter software development by Thomas Zimmermann
Analytics for smarter software development Analytics for smarter software development
Analytics for smarter software development
Thomas Zimmermann2.6K views
Characterizing and Predicting Which Bugs Get Reopened by Thomas Zimmermann
Characterizing and Predicting Which Bugs Get ReopenedCharacterizing and Predicting Which Bugs Get Reopened
Characterizing and Predicting Which Bugs Get Reopened
Thomas Zimmermann2K views
Klingon Countdown Timer by Thomas Zimmermann
Klingon Countdown TimerKlingon Countdown Timer
Klingon Countdown Timer
Thomas Zimmermann1.3K views
Data driven games user research by Thomas Zimmermann
Data driven games user researchData driven games user research
Data driven games user research
Thomas Zimmermann1.5K views
Not my bug! Reasons for software bug report reassignments by Thomas Zimmermann
Not my bug! Reasons for software bug report reassignmentsNot my bug! Reasons for software bug report reassignments
Not my bug! Reasons for software bug report reassignments
Thomas Zimmermann1.3K views
Empirical Software Engineering at Microsoft Research by Thomas Zimmermann
Empirical Software Engineering at Microsoft ResearchEmpirical Software Engineering at Microsoft Research
Empirical Software Engineering at Microsoft Research
Thomas Zimmermann4.6K views
Security trend analysis with CVE topic models by Thomas Zimmermann
Security trend analysis with CVE topic modelsSecurity trend analysis with CVE topic models
Security trend analysis with CVE topic models
Thomas Zimmermann1.5K views
Analytics for software development by Thomas Zimmermann
Analytics for software developmentAnalytics for software development
Analytics for software development
Thomas Zimmermann4.6K views
Characterizing and predicting which bugs get fixed by Thomas Zimmermann
Characterizing and predicting which bugs get fixedCharacterizing and predicting which bugs get fixed
Characterizing and predicting which bugs get fixed
Thomas Zimmermann809 views
Changes and Bugs: Mining and Predicting Development Activities by Thomas Zimmermann
Changes and Bugs: Mining and Predicting Development ActivitiesChanges and Bugs: Mining and Predicting Development Activities
Changes and Bugs: Mining and Predicting Development Activities
Thomas Zimmermann4.6K views
Cross-project defect prediction by Thomas Zimmermann
Cross-project defect predictionCross-project defect prediction
Cross-project defect prediction
Thomas Zimmermann1.9K views
Changes and Bugs: Mining and Predicting Development Activities by Thomas Zimmermann
Changes and Bugs: Mining and Predicting Development ActivitiesChanges and Bugs: Mining and Predicting Development Activities
Changes and Bugs: Mining and Predicting Development Activities
Thomas Zimmermann1.4K views
Predicting Defects using Network Analysis on Dependency Graphs by Thomas Zimmermann
Predicting Defects using Network Analysis on Dependency GraphsPredicting Defects using Network Analysis on Dependency Graphs
Predicting Defects using Network Analysis on Dependency Graphs
Thomas Zimmermann2.2K views
Quality of Bug Reports in Open Source by Thomas Zimmermann
Quality of Bug Reports in Open SourceQuality of Bug Reports in Open Source
Quality of Bug Reports in Open Source
Thomas Zimmermann1.6K views
Meet Tom and his Fish by Thomas Zimmermann
Meet Tom and his FishMeet Tom and his Fish
Meet Tom and his Fish
Thomas Zimmermann1.5K views
Predicting Subsystem Defects using Dependency Graph Complexities by Thomas Zimmermann
Predicting Subsystem Defects using Dependency Graph Complexities Predicting Subsystem Defects using Dependency Graph Complexities
Predicting Subsystem Defects using Dependency Graph Complexities
Thomas Zimmermann1.4K views
Got Myth? Myths in Software Engineering by Thomas Zimmermann
Got Myth? Myths in Software EngineeringGot Myth? Myths in Software Engineering
Got Myth? Myths in Software Engineering
Thomas Zimmermann5.9K views

Recently uploaded

PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」 by
PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」
PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」PC Cluster Consortium
27 views12 slides
Choosing the Right Flutter App Development Company by
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development CompanyFicode Technologies
13 views9 slides
GDSC GLAU Info Session.pptx by
GDSC GLAU Info Session.pptxGDSC GLAU Info Session.pptx
GDSC GLAU Info Session.pptxgauriverrma4
15 views28 slides
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...ShapeBlue
209 views20 slides
"Package management in monorepos", Zoltan Kochan by
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan KochanFwdays
37 views18 slides
Measurecamp Brussels - Synthetic data.pdf by
Measurecamp Brussels - Synthetic data.pdfMeasurecamp Brussels - Synthetic data.pdf
Measurecamp Brussels - Synthetic data.pdfHuman37
27 views14 slides

Recently uploaded(20)

PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」 by PC Cluster Consortium
PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」
PCCC23:日本AMD株式会社 テーマ2「AMD EPYC™ プロセッサーを用いたAIソリューション」
PC Cluster Consortium27 views
Choosing the Right Flutter App Development Company by Ficode Technologies
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development Company
Ficode Technologies13 views
GDSC GLAU Info Session.pptx by gauriverrma4
GDSC GLAU Info Session.pptxGDSC GLAU Info Session.pptx
GDSC GLAU Info Session.pptx
gauriverrma415 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue209 views
"Package management in monorepos", Zoltan Kochan by Fwdays
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan Kochan
Fwdays37 views
Measurecamp Brussels - Synthetic data.pdf by Human37
Measurecamp Brussels - Synthetic data.pdfMeasurecamp Brussels - Synthetic data.pdf
Measurecamp Brussels - Synthetic data.pdf
Human37 27 views
Netmera Presentation.pdf by Mustafa Kuğu
Netmera Presentation.pdfNetmera Presentation.pdf
Netmera Presentation.pdf
Mustafa Kuğu22 views
Measuring User on the web with the core web vitals - by @theafolayan.pptx by Oluwaseun Raphael Afolayan
Measuring User on the web with the core web vitals - by @theafolayan.pptxMeasuring User on the web with the core web vitals - by @theafolayan.pptx
Measuring User on the web with the core web vitals - by @theafolayan.pptx
Oluwaseun Raphael Afolayan14 views
MVP and prioritization.pdf by rahuldharwal141
MVP and prioritization.pdfMVP and prioritization.pdf
MVP and prioritization.pdf
rahuldharwal14140 views
Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10152 views
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash171 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue120 views
"Node.js Development in 2024: trends and tools", Nikita Galkin by Fwdays
"Node.js Development in 2024: trends and tools", Nikita Galkin "Node.js Development in 2024: trends and tools", Nikita Galkin
"Node.js Development in 2024: trends and tools", Nikita Galkin
Fwdays37 views
This talk was not generated with ChatGPT: how AI is changing science by Elena Simperl
This talk was not generated with ChatGPT: how AI is changing scienceThis talk was not generated with ChatGPT: how AI is changing science
This talk was not generated with ChatGPT: how AI is changing science
Elena Simperl34 views
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf by ThomasBronack
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdfBronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf
Bronack Skills - Risk Management and SRE v1.0 12-3-2023.pdf
ThomasBronack31 views
Transcript: Redefining the book supply chain: A glimpse into the future - Tec... by BookNet Canada
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...Transcript: Redefining the book supply chain: A glimpse into the future - Tec...
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...
BookNet Canada43 views
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023 by BookNet Canada
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
BookNet Canada46 views
Qualifying SaaS, IaaS.pptx by Sachin Bhandari
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
Sachin Bhandari1.1K views
AIM102-S_Cognizant_CognizantCognitive by PhilipBasford
AIM102-S_Cognizant_CognizantCognitiveAIM102-S_Cognizant_CognizantCognitive
AIM102-S_Cognizant_CognizantCognitive
PhilipBasford23 views
Mobile Core Solutions & Successful Cases.pdf by IPLOOK Networks
Mobile Core Solutions & Successful Cases.pdfMobile Core Solutions & Successful Cases.pdf
Mobile Core Solutions & Successful Cases.pdf
IPLOOK Networks16 views

Automatic Identification of Bug-Introducing Changes

  • 1. Automatic Identification of Bug-Introducing Changes Sunghun Kim Kai Pan E. James Whitehead, Jr. University of California, Santa Cruz, USA Tom Zimmermann Saarland University, Saarbrücken, Germany
  • 4. Motivation Statistics Detection Bugs
  • 5. Motivation Statistics Detection Bugs Prediction
  • 6. Motivation Statistics Detection Bugs Prediction Analysis
  • 7. Motivation Statistics Detection Bugs Observation Prediction Analysis
  • 8. So far: Focus on fixes teicher 2003-10-29 16:11:01 fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly
  • 9. So far: Focus on fixes teicher 2003-10-29 16:11:01 fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly Fixes give only the location of a defect, not when it was introduced.
  • 11. Bug-introducing changes BUG-INTRODUCING FIX ... ... later fixed if (foo==null) { if (foo!=null) { foo.bar(); foo.bar(); ... ...
  • 12. Bug-introducing changes BUG-INTRODUCING FIX ... ... later fixed if (foo==null) { if (foo!=null) { foo.bar(); foo.bar(); ... ... Bug-introducing changes are changes that lead to problems as indicated by later fixes.
  • 13. Life-cycle of a “bug”
  • 14. Life-cycle of a “bug” BUG-INTRODUCING CHANGE
  • 15. Life-cycle of a “bug” BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly BUG-INTRODUCING CHANGE
  • 16. Life-cycle of a “bug” BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly BUG-INTRODUCING FIX CHANGE CHANGE
  • 17. The SZZ algorithm 1.18 FIXED BUG 42233
  • 18. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.18 FIXED BUG 42233
  • 19. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.18 FIXED BUG 42233
  • 20. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 FIXED BUG 42233
  • 21. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG FIXED BUG INTRO 42233
  • 22. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG BUG FIXED BUG INTRO INTRO 42233
  • 23. The SZZ algorithm $ cvs annotate -r 1.17 Foo.java ... 20: 1.11 (john 12-Feb-03): return i/0; ... 40: 1.14 (kate 23-May-03): return 42; ... 60: 1.16 (mary 10-Jun-03): int i=0; 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
  • 24. The SZZ algorithm 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
  • 25. The SZZ algorithm submitted closed BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly 1.11 1.14 1.16 1.18 BUG BUG BUG FIXED BUG INTRO INTRO INTRO 42233
  • 26. The SZZ algorithm submitted closed BUG REPORT fixes issues mentioned in bug 45635: [hovering] rollover hovers - mouse exit detection is safer and should not allow for loopholes any more, except for shell deactiviation - hovers behave like normal ones: - tooltips pop up below the control - they move with subjectArea - once a popup is showing, they will show up instantly 1.11 1.14 1.16 1.18 BUGREMOVE BUG BUG FIXED BUG INTRO INTRO POSITIVES INTRO 42233 FALSE
  • 27. Drawbacks of SZZ Annotation by SCMs is insufficient. (line number in bug-introducing revision is missing)
  • 28. Drawbacks of SZZ Annotation by SCMs is insufficient. (line number in bug-introducing revision is missing) Not all modifications are fixes. (blank lines, comments, etc.)
  • 29. False negatives and positives Correct False negatives False positives BUG-INTRODUCING BUGS
  • 30. An example BUG-INTRODUCING void bar() { if (val==null) { println(val); } ... Revision 7: tom - introduces the defects
  • 31. An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print value println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
  • 32. An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
  • 33. An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect
  • 34. An example BUG-INTRODUCING BUG FIX void bar() { void foo() { void foo() { if (val==null) { // print val // print valueval println(val); if (val==null) if (val!=null) } { { ... println(val); println(val); } } ... ... Revision 7: tom Revision 23: jim Revision 42: kim - introduces the defects - inserts a comment - changes comment - reformats if statement - corrects defect The originial SZZ algorithm has too many false positives (rev 23) and false negatives (rev 7).
  • 35. Our study COLUMBA ECLIPSE (jdt.core) Project Software type Email client IDE Investigated period 11/2002-06/2003 06/2001-03/2002 Number of revisions 500 1000 Number of fixes 143 (29%) 158 (16%) Average LOC 48,135 111,059
  • 37. Annotation graphs fixed revisions
  • 38. Annotation graphs foo() fixed revisions
  • 39. Annotation graphs bar() renamed to foo() foo() fixed revisions
  • 40. Annotation graphs bar() bar() renamed to foo() foo() fixed revisions
  • 41. Annotation graphs bar() bar() renamed to foo() foo() fixed revisions SZZ reports a bug-introducing change for foo (false positive) but not for bar (false negative).
  • 42. Annotation graphs bar() bar() renamed to foo() foo() fixed revisions Using annotation graphs we can remove 2% as false positives and identifies further 1%~4%.
  • 43. Comments & blank lines public void notifySourceElementRequestor() { - + if (reportReferenceInfo) { + notifyAllUnknownReferences(); +} // collect the top level ast nodes int length = 0;
  • 44. Comments & blank lines public void notifySourceElementRequestor() { - + if (reportReferenceInfo) { + notifyAllUnknownReferences(); +} // collect the top level ast nodes int length = 0; Ignoring comments and blank lines removes 14%~20% as false positives.
  • 46. Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return;
  • 47. Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE POSITIVE
  • 48. Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE FALSE NEGATIVE POSITIVE
  • 49. Format changes BUG-INTRODUCING BUG FIX if ( a==true ) return; if (a==true) if (a==false) return; return; FALSE FALSE NEGATIVE POSITIVE Ignoring format changes removes 18%~25% as false positives and identifies further 13%~14%.
  • 50. Fixes that affect many files Most large fixes are refactoring - public boolean visit(TypeDeclaration - typeDeclaration, BlockScope scope){ + public boolean visit(LocalTypeDeclaration + typeDeclaration, BlockScope scope){
  • 51. Fixes that affect many files Most large fixes are refactoring - public boolean visit(TypeDeclaration - typeDeclaration, BlockScope scope){ + public boolean visit(LocalTypeDeclaration + typeDeclaration, BlockScope scope){ Ignoring fixes that affect many files (=more than five times the median) removes 7%~16% as false positives
  • 53. Manual inspection of fixes Two judges check whether a fix is actually a fix. deleteResources(actualNonJavaResources,fForce); - IResource[] remaingFiles; + IResource[] remainingFiles;  try { - remaingFiles=((IFolder)res).members(); + remainingFiles=((IFolder)res).members(); }
  • 54. Manual inspection of fixes Two judges check whether a fix is actually a fix. deleteResources(actualNonJavaResources,fForce); - IResource[] remaingFiles; + IResource[] remainingFiles;  try { - remaingFiles=((IFolder)res).members(); + remainingFiles=((IFolder)res).members(); } Manual inspection of fixes removes only 4%~5% as false positives.
  • 55. Putting it together ASE SZZ BUGS
  • 56. Putting it together False negatives of SZZ: 14% ASE SZZ BUGS
  • 57. Putting it together False negatives of SZZ: 14% False positives of SZZ: 38%~51% ASE SZZ BUGS
  • 58. Putting it together False negatives of SZZ: 14% False positives of SZZ: 38%~51% ASE SZZ Automatically we can remove 36%~48% as BUGS false positive.
  • 59. Don’t program on Fridays ;-) Monday 11.3% Tuesday 10.4% Wednesday 11.1% Thursday 12.1% Friday 12.2% Saturday 11.7% Sunday 11.6% 0% 2.5% 5.0% 7.5% 10.0% 12.5% 15.0% Percentage of bug-introducing changes
  • 60. Don’t program on Fridays ;-) Monday 11.3% Tuesday 10.4% Wednesday 11.1% Thursday 12.1% Friday 12.2% Saturday 11.7% Sunday 11.6% 0% 2.5% 5.0% 7.5% 10.0% 12.5% 15.0% Percentage of bug-introducing changes
  • 61. Defect-prone authors Authors (anonymized) Fry Leela Bender Amy 0% 10% 20% 30% 40% 50% 60% 70% 80% Frequency Bug-Introducing changes Fix changes
  • 62. Risk awareness “Safe” Location (green) Risky Location (dark red)
  • 65. Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X
  • 66. Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X new change
  • 67. Change classification BUILD A CLASSIFIER bug-introducing (“bad”) X X X X new change PREDICT QUALITY
  • 69. Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location.
  • 70. Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions.
  • 71. Conclusions • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions. • Bug-introducing changes are useful for defect prediction and software evolution.
  • 72. More minin g @A Frida SE: y mo Conclusions rning . • Bug-introducing changes tell when a defect was introduced, not only its location. • We can automatically identify – 36%~48% of SZZ as false positives and – further 14% of missed bug-introductions. • Bug-introducing changes are useful for defect prediction and software evolution.