Predicting Defects using Network Analysis on Dependency Graphs

Thomas Zimmermann
Thomas ZimmermannResearcher at Microsoft Research
Predicting Defects using Network Analysis on Dependency Graphs Thomas Zimmermann, University of Calgary, Canada Nachiappan Nagappan, Microsoft Research, USA
Bugs are everywhere
Bugs are everywhere
Bugs are everywhere
Quality assurance is limited... ...by time...
Quality assurance is limited... ...by time... ...and by money.
Spent resources on the components that need it most, i.e., are most likely to fail.
Meet Jacob
Meet Jacob • Your QA manager
Meet Jacob • Your QA manager • Ten years knowledge of your project
Meet Jacob • Your QA manager • Ten years knowledge of your project • Aware of its history and the hot spots
But then Jacob left...
Meet Emily • Your new QA manager (replaces Jacob) • Not much experience with your project yet • How can she allocate resources effectively?
Meet Emily • Your new QA manager (replaces Jacob) • Not much experience with your project yet • How can she allocate resources effectively?
Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006
Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005
Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005 • Historical data - Khoshgoftaar et al. 1996, Graves et al. 2000, Kim et al. 2007, - Ostrand et al. 2005, Mockus et al. 2005
Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005 • Historical data - Khoshgoftaar et al. 1996, Graves et al. 2000, Kim et al. 2007, - Ostrand et al. 2005, Mockus et al. 2005 • Code dependencies - Nagappan and Ball 2007, Schröter et al. 2006 - Zimmermann and Nagappan 2007
Centrality
Hypothesis Network measures on dependency graphs - correlate with the number of post-release defects (H1) - can predict the number of post-release defects (H2) - can indicate critical “escrow” binaries (H3)
DATA. .
2252 Binaries 28.3 MLOC
Windows Server layout
Windows Server layout
Windows Server layout
Windows Server layout
Data collection Release point for Windows Server 2003
Data collection Release point for Windows Server 2003 Complexity Metrics Dependencies Network Measures
Data collection six months Release point for to collect Windows Server 2003 defects Complexity Metrics Dependencies Network Measures Defects
Dependencies • Directed relationship between two pieces of code (here: binaries) • MaX dependency analysis framework -Caller-callee dependencies - Imports and exports - RPC, COM - Runtime dependencies (such as LoadLibrary) - Registry access - etc.
Centrality • Degreethe number dependencies centrality - counts • Closeness centrality binaries into account - takes distance to all other - Closeness: How close are the other binaries? - Reach: How many binaries can be reached (weighted)? - Eigenvector: similar to Pagerank • Betweenness centrality paths through a binary - counts the number of shortest
Structural holes A B C No structural hole
Structural holes A A B B C C No structural hole No structural hole between B and C
Ego networks EGO
Ego networks EGO INOUT
Ego networks EGO IN INOUT
Ego networks EGO IN OUT INOUT
Complexity metrics Group Metrics Aggregation Module metrics # functions in B for a binary B # global variables in B # executable lines in f() # parameters in f() Per-function metrics Total # functions calling f() for a function f() Max # functions called by f() McCabe’s cyclomatic complexity of f() # methods in C # subclasses of C OO metrics Total Depth of C in the inheritance tree for a class C Max Coupling between classes Cyclic coupling between classes
RESULTS. .
1 PATTERNS
Star pattern With defects No defects
Undirected cliques ... ...
Undirected cliques
Undirected cliques Average number of defects is higher for binaries in large cliques.
2 PREDICTION
Prediction Model Input metrics and measures Prediction PCA Regression
Prediction Model Input metrics and measures Prediction PCA Regression Metrics SNA Metrics+SNA
Prediction Model Input metrics and measures Prediction PCA Regression Metrics Classification SNA Metrics+SNA Ranking
Classification Has a binary a defect or not? or
Ranking Which binaries have the most defects? or or ... or
Random splits
Random splits 4×50×
Classification (logistic regression)
Classification (logistic regression) SNA increases the recall by 0.10 (at p=0.01) while precision remains comparable.
Ranking (linear regression)
Ranking (linear regression) SNA+METRICS increases the correlation by 0.10 (significant at p=0.01)
3 ESCROW
Escrow binaries • Escrowcritical binaries for Windows Server 2003 binaries -list of - development teams select binaries for escrow based on (past) experience • Special protocol for escrow binaries -involves more testing, code reviews
Predicting escrow binaries Network measures Recall GlobalInClosenessFreeman 0.60 GlobalIndwReach 0.60 EgoInSize 0.55 EgoInPairs 0.55 EgoInBroker 0.55 EgoInTies 0.50 GlobalInDegree 0.50 GlobalBetweenness 0.50 ... ... Complexity metrics Recall TotalParameters 0.30 TotalComplexity 0.30 TotalLines 0.30 TotalFanIn 0.30 TotalFanOut 0.30 ... ...
Predicting escrow binaries Network measures Recall GlobalInClosenessFreeman 0.60 GlobalIndwReach 0.60 EgoInSize 0.55 EgoInPairs 0.55 EgoInBroker 0.55 EgoInTies 0.50 GlobalInDegree 0.50 GlobalBetweenness 0.50 ... ... Complexity metrics Recall TotalParameters 0.30 TotalComplexity 0.30 TotalLines 0.30 TotalFanIn 0.30 Network measures predict twice as 0.30 many TotalFanOut ... escrow binaries as complexity metrics do. ...
CONCLUSION. . • Classification measures is 0.10 higher than for -Recall for network complexity metrics. - The precision remains comparable. • Ranking network mesures with complexity metrics -Combining increases the correlation by 0.10. • Escrow metrics fail to predict escrow binaries. - Complexity - Network measures predict 60% of escrow binaries.
1 of 61

Predicting Defects using Network Analysis on Dependency Graphs

Economy & FinanceTechnology

Presented at ICSE 2008.

Thomas Zimmermann
Thomas ZimmermannResearcher at Microsoft Research

Recommended

Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 familyBicliques for Preimages: Attacks on Skein-512 and the SHA-2 family
Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 familyAlexandra
792 views24 slides
Changes and Bugs: Mining and Predicting Development ActivitiesChanges and Bugs: Mining and Predicting Development Activities
Changes and Bugs: Mining and Predicting Development ActivitiesThomas Zimmermann
4.6K views34 slides
Multiple Choice Questions on JAVA (object oriented programming) bank 7 -- abs...Multiple Choice Questions on JAVA (object oriented programming) bank 7 -- abs...
Multiple Choice Questions on JAVA (object oriented programming) bank 7 -- abs...Kuntal Bhowmick
189 views29 slides
Multiple Choice Questions on JAVA (object oriented programming) bank 6 -- inh...Multiple Choice Questions on JAVA (object oriented programming) bank 6 -- inh...
Multiple Choice Questions on JAVA (object oriented programming) bank 6 -- inh...Kuntal Bhowmick
301 views45 slides
Belief Propagation Decoder for LDPC Codes Based on VLSI ImplementationBelief Propagation Decoder for LDPC Codes Based on VLSI Implementation
Belief Propagation Decoder for LDPC Codes Based on VLSI Implementationinventionjournals
621 views4 slides
Multiple Choice Questions on JAVA (object oriented programming) bank 3 -- cla...Multiple Choice Questions on JAVA (object oriented programming) bank 3 -- cla...
Multiple Choice Questions on JAVA (object oriented programming) bank 3 -- cla...Kuntal Bhowmick
136 views41 slides

More Related Content

Similar to Predicting Defects using Network Analysis on Dependency Graphs

Similar to Predicting Defects using Network Analysis on Dependency Graphs(20)

Magic behind the numbers - software metrics in practiceMagic behind the numbers - software metrics in practice
Magic behind the numbers - software metrics in practice
Sebastian Marek4.9K views
Profiling distributed Java applicationsProfiling distributed Java applications
Profiling distributed Java applications
Constantine Slisenka1.1K views
Design Verification: The Past, Present and FuturereDesign Verification: The Past, Present and Futurere
Design Verification: The Past, Present and Futurere
DVClub524 views
Design verification--the-past-present-and-futureDesign verification--the-past-present-and-future
Design verification--the-past-present-and-future
Obsidian Software456 views
Scam12.pptScam12.ppt
Scam12.ppt
Yann-Gaël Guéhéneuc18 views
Object Detection with TransformersObject Detection with Transformers
Object Detection with Transformers
Databricks1.1K views
深度學習在AOI的應用深度學習在AOI的應用
深度學習在AOI的應用
CHENHuiMei1.4K views
Predicting Subsystem Defects using Dependency Graph Complexities Predicting Subsystem Defects using Dependency Graph Complexities
Predicting Subsystem Defects using Dependency Graph Complexities
Thomas Zimmermann1.4K views
Rails Software MetricsRails Software Metrics
Rails Software Metrics
chiel816 views
Predicting Defects in SAP Java Code: An Experience ReportPredicting Defects in SAP Java Code: An Experience Report
Predicting Defects in SAP Java Code: An Experience Report
tilman.holschuh1.5K views
13986149 c-pgming-for-embedded-systems13986149 c-pgming-for-embedded-systems
13986149 c-pgming-for-embedded-systems
PRADEEP7.1K views
2010 06-24 karlsruher entwicklertag2010 06-24 karlsruher entwicklertag
2010 06-24 karlsruher entwicklertag
Marcel Bruch3.1K views
Studying the impact of dependency network measures on software quality Studying the impact of dependency network measures on software quality
Studying the impact of dependency network measures on software quality
ICSM 2010356 views
BSSML17 - DeepnetsBSSML17 - Deepnets
BSSML17 - Deepnets
BigML, Inc136 views
Coding NakedCoding Naked
Coding Naked
Caleb Jenkins3.7K views
MARS presentationMARS presentation
MARS presentation
Alessio Bockmann404 views
CCNA training 101CCNA training 101
CCNA training 101
Rohan Reddy818 views
Measuring maintainability; software metrics explainedMeasuring maintainability; software metrics explained
Measuring maintainability; software metrics explained
Dennis de Greef3.6K views
Transcription Factor DNA Binding PredictionTranscription Factor DNA Binding Prediction
Transcription Factor DNA Binding Prediction
UT, San Antonio485 views
DL'12 mastro at workDL'12 mastro at work
DL'12 mastro at work
Mariano Rodriguez-Muro493 views

More from Thomas Zimmermann

MSR 2013 PreviewMSR 2013 Preview
MSR 2013 PreviewThomas Zimmermann
21.8K views14 slides

More from Thomas Zimmermann(20)

Software Analytics = Sharing InformationSoftware Analytics = Sharing Information
Software Analytics = Sharing Information
Thomas Zimmermann3.3K views
MSR 2013 PreviewMSR 2013 Preview
MSR 2013 Preview
Thomas Zimmermann21.8K views
Predicting Method Crashes with Bytecode OperationsPredicting Method Crashes with Bytecode Operations
Predicting Method Crashes with Bytecode Operations
Thomas Zimmermann2.3K views
Analytics for smarter software development Analytics for smarter software development
Analytics for smarter software development
Thomas Zimmermann2.6K views
Characterizing and Predicting Which Bugs Get ReopenedCharacterizing and Predicting Which Bugs Get Reopened
Characterizing and Predicting Which Bugs Get Reopened
Thomas Zimmermann2K views
Klingon Countdown TimerKlingon Countdown Timer
Klingon Countdown Timer
Thomas Zimmermann1.3K views
Data driven games user researchData driven games user research
Data driven games user research
Thomas Zimmermann1.5K views
Not my bug! Reasons for software bug report reassignmentsNot my bug! Reasons for software bug report reassignments
Not my bug! Reasons for software bug report reassignments
Thomas Zimmermann1.3K views
Empirical Software Engineering at Microsoft ResearchEmpirical Software Engineering at Microsoft Research
Empirical Software Engineering at Microsoft Research
Thomas Zimmermann4.6K views
Security trend analysis with CVE topic modelsSecurity trend analysis with CVE topic models
Security trend analysis with CVE topic models
Thomas Zimmermann1.5K views
Analytics for software developmentAnalytics for software development
Analytics for software development
Thomas Zimmermann4.6K views
Characterizing and predicting which bugs get fixedCharacterizing and predicting which bugs get fixed
Characterizing and predicting which bugs get fixed
Thomas Zimmermann809 views
Cross-project defect predictionCross-project defect prediction
Cross-project defect prediction
Thomas Zimmermann1.9K views
Changes and Bugs: Mining and Predicting Development ActivitiesChanges and Bugs: Mining and Predicting Development Activities
Changes and Bugs: Mining and Predicting Development Activities
Thomas Zimmermann1.4K views
Quality of Bug Reports in Open SourceQuality of Bug Reports in Open Source
Quality of Bug Reports in Open Source
Thomas Zimmermann1.6K views
Meet Tom and his FishMeet Tom and his Fish
Meet Tom and his Fish
Thomas Zimmermann1.5K views
Got Myth? Myths in Software EngineeringGot Myth? Myths in Software Engineering
Got Myth? Myths in Software Engineering
Thomas Zimmermann5.9K views
Mining Workspace Updates in CVSMining Workspace Updates in CVS
Mining Workspace Updates in CVS
Thomas Zimmermann632 views
Mining Software Archives to Support Software DevelopmentMining Software Archives to Support Software Development
Mining Software Archives to Support Software Development
Thomas Zimmermann854 views
Unit testing with JUnitUnit testing with JUnit
Unit testing with JUnit
Thomas Zimmermann16.1K views

Recently uploaded

DDKT-Southern.pdfDDKT-Southern.pdf
DDKT-Southern.pdfGRAPE
11 views34 slides

Recently uploaded(20)

Two critical areas in the economy - European Business ReviewTwo critical areas in the economy - European Business Review
Two critical areas in the economy - European Business Review
Antonis Zairis14 views
MEMU Nov 2023 En.pdfMEMU Nov 2023 En.pdf
MEMU Nov 2023 En.pdf
Інститут економічних досліджень та політичних консультацій53 views
Ingenious Nov 2023 to Jan 2024.pdfIngenious Nov 2023 to Jan 2024.pdf
Ingenious Nov 2023 to Jan 2024.pdf
Ankur Shah23 views
Lundin Gold Corporate Presentation Nov 2023.pdfLundin Gold Corporate Presentation Nov 2023.pdf
Lundin Gold Corporate Presentation Nov 2023.pdf
Adnet Communications112 views
Stock Market Brief Deck 1124.pdfStock Market Brief Deck 1124.pdf
Stock Market Brief Deck 1124.pdf
Michael Silva51 views
DDKT-Southern.pdfDDKT-Southern.pdf
DDKT-Southern.pdf
GRAPE11 views
Slides.pdfSlides.pdf
Slides.pdf
GRAPE10 views
Presentation_Yale.pdfPresentation_Yale.pdf
Presentation_Yale.pdf
GRAPE7 views
Managerial Economics - Demand and Consumer Analysis.pptxManagerial Economics - Demand and Consumer Analysis.pptx
Managerial Economics - Demand and Consumer Analysis.pptx
deepav4510 views
Reversing the Great TransformationReversing the Great Transformation
Reversing the Great Transformation
Asad Zaman30 views
MATRIX.pptxMATRIX.pptx
MATRIX.pptx
baijup414 views
DDKT-SAET.pdfDDKT-SAET.pdf
DDKT-SAET.pdf
GRAPE26 views
Managerial Economics - Utility.pptxManagerial Economics - Utility.pptx
Managerial Economics - Utility.pptx
deepav4511 views
Stock Market Brief Deck 1121.pdfStock Market Brief Deck 1121.pdf
Stock Market Brief Deck 1121.pdf
Michael Silva65 views
IIX Showcase Impact Stories - IIX Global.pdfIIX Showcase Impact Stories - IIX Global.pdf
IIX Showcase Impact Stories - IIX Global.pdf
IIX Global6 views
Motivation TheoryMotivation Theory
Motivation Theory
lamluanvan.net Viết thuê luận văn5 views
National Income.pptxNational Income.pptx
National Income.pptx
Nithin Kumar9 views
What is Credit Default SwapsWhat is Credit Default Swaps
What is Credit Default Swaps
MksSkyView7 views
DDKT-SummerWorkshop.pdfDDKT-SummerWorkshop.pdf
DDKT-SummerWorkshop.pdf
GRAPE13 views
Presentation.pdfPresentation.pdf
Presentation.pdf
GRAPE5 views

Predicting Defects using Network Analysis on Dependency Graphs

  • 1. Predicting Defects using Network Analysis on Dependency Graphs Thomas Zimmermann, University of Calgary, Canada Nachiappan Nagappan, Microsoft Research, USA
  • 5. Quality assurance is limited... ...by time...
  • 6. Quality assurance is limited... ...by time... ...and by money.
  • 7. Spent resources on the components that need it most, i.e., are most likely to fail.
  • 10. Meet Jacob • Your QA manager • Ten years knowledge of your project
  • 11. Meet Jacob • Your QA manager • Ten years knowledge of your project • Aware of its history and the hot spots
  • 12. But then Jacob left...
  • 13. Meet Emily • Your new QA manager (replaces Jacob) • Not much experience with your project yet • How can she allocate resources effectively?
  • 14. Meet Emily • Your new QA manager (replaces Jacob) • Not much experience with your project yet • How can she allocate resources effectively?
  • 15. Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006
  • 16. Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005
  • 17. Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005 • Historical data - Khoshgoftaar et al. 1996, Graves et al. 2000, Kim et al. 2007, - Ostrand et al. 2005, Mockus et al. 2005
  • 18. Indicators of defects • Code complexity - Basili et al. 1996, Subramanyam and Krishnan 2003, - Binkley and Schach 1998, Ohlsson and Alberg 1996, Nagappan et al. 2006 • Code churn - Nagappan and Ball 2005 • Historical data - Khoshgoftaar et al. 1996, Graves et al. 2000, Kim et al. 2007, - Ostrand et al. 2005, Mockus et al. 2005 • Code dependencies - Nagappan and Ball 2007, Schröter et al. 2006 - Zimmermann and Nagappan 2007
  • 20. Hypothesis Network measures on dependency graphs - correlate with the number of post-release defects (H1) - can predict the number of post-release defects (H2) - can indicate critical “escrow” binaries (H3)
  • 21. DATA. .
  • 27. Data collection Release point for Windows Server 2003
  • 28. Data collection Release point for Windows Server 2003 Complexity Metrics Dependencies Network Measures
  • 29. Data collection six months Release point for to collect Windows Server 2003 defects Complexity Metrics Dependencies Network Measures Defects
  • 30. Dependencies • Directed relationship between two pieces of code (here: binaries) • MaX dependency analysis framework -Caller-callee dependencies - Imports and exports - RPC, COM - Runtime dependencies (such as LoadLibrary) - Registry access - etc.
  • 31. Centrality • Degreethe number dependencies centrality - counts • Closeness centrality binaries into account - takes distance to all other - Closeness: How close are the other binaries? - Reach: How many binaries can be reached (weighted)? - Eigenvector: similar to Pagerank • Betweenness centrality paths through a binary - counts the number of shortest
  • 32. Structural holes A B C No structural hole
  • 33. Structural holes A A B B C C No structural hole No structural hole between B and C
  • 35. Ego networks EGO INOUT
  • 36. Ego networks EGO IN INOUT
  • 37. Ego networks EGO IN OUT INOUT
  • 38. Complexity metrics Group Metrics Aggregation Module metrics # functions in B for a binary B # global variables in B # executable lines in f() # parameters in f() Per-function metrics Total # functions calling f() for a function f() Max # functions called by f() McCabe’s cyclomatic complexity of f() # methods in C # subclasses of C OO metrics Total Depth of C in the inheritance tree for a class C Max Coupling between classes Cyclic coupling between classes
  • 41. Star pattern With defects No defects
  • 44. Undirected cliques Average number of defects is higher for binaries in large cliques.
  • 46. Prediction Model Input metrics and measures Prediction PCA Regression
  • 47. Prediction Model Input metrics and measures Prediction PCA Regression Metrics SNA Metrics+SNA
  • 48. Prediction Model Input metrics and measures Prediction PCA Regression Metrics Classification SNA Metrics+SNA Ranking
  • 49. Classification Has a binary a defect or not? or
  • 50. Ranking Which binaries have the most defects? or or ... or
  • 54. Classification (logistic regression) SNA increases the recall by 0.10 (at p=0.01) while precision remains comparable.
  • 56. Ranking (linear regression) SNA+METRICS increases the correlation by 0.10 (significant at p=0.01)
  • 58. Escrow binaries • Escrowcritical binaries for Windows Server 2003 binaries -list of - development teams select binaries for escrow based on (past) experience • Special protocol for escrow binaries -involves more testing, code reviews
  • 59. Predicting escrow binaries Network measures Recall GlobalInClosenessFreeman 0.60 GlobalIndwReach 0.60 EgoInSize 0.55 EgoInPairs 0.55 EgoInBroker 0.55 EgoInTies 0.50 GlobalInDegree 0.50 GlobalBetweenness 0.50 ... ... Complexity metrics Recall TotalParameters 0.30 TotalComplexity 0.30 TotalLines 0.30 TotalFanIn 0.30 TotalFanOut 0.30 ... ...
  • 60. Predicting escrow binaries Network measures Recall GlobalInClosenessFreeman 0.60 GlobalIndwReach 0.60 EgoInSize 0.55 EgoInPairs 0.55 EgoInBroker 0.55 EgoInTies 0.50 GlobalInDegree 0.50 GlobalBetweenness 0.50 ... ... Complexity metrics Recall TotalParameters 0.30 TotalComplexity 0.30 TotalLines 0.30 TotalFanIn 0.30 Network measures predict twice as 0.30 many TotalFanOut ... escrow binaries as complexity metrics do. ...
  • 61. CONCLUSION. . • Classification measures is 0.10 higher than for -Recall for network complexity metrics. - The precision remains comparable. • Ranking network mesures with complexity metrics -Combining increases the correlation by 0.10. • Escrow metrics fail to predict escrow binaries. - Complexity - Network measures predict 60% of escrow binaries.