Presentation is loading. Please wait.

Presentation is loading. Please wait.

CBCD: Cloned Buggy Code Detector

Published byOphelia Price Modified over 5 years ago

Similar presentations

Presentation on theme: "CBCD: Cloned Buggy Code Detector"— Presentation transcript:

1 CBCD: Cloned Buggy Code Detector
Jingyue Li Michael D. Ernst DNV Research & Innovation University of Washington

2 Overview Cut-and-paste happens An empirical study of cloned buggy code
09 September 2018 Overview Cut-and-paste happens An empirical study of cloned buggy code 4% of bugs are cloned in a commercial system 350 cloned bugs in Open Source Software CBCD - A tool to detect cloned buggy code (Optimizations of Program Dependency Graph based clone detection for finding bugs and for scaling) CBCD Evaluation CBCD outperformed 4 clone detectors for this task

3 An empirical study of cloned buggy code

4 Have bugs been cloned? Investigated systems
09 September 2018 Have bugs been cloned? Investigated systems Linux kernel (OSS): millions of LOC Git version control system (OSS): > 300 KLOC PostgreSQL database (OSS): > 300 KLOC A software product line (commercial): > 50 products, > 1 million LOC each Approach We searched for these keywords in bug reports and commit messages: “same bug”, “same fix”, “same issue”, “same error”, and “same problem” For each match, we manually determined whether the commit was necessitated by duplication of a bug If so, we identified the buggy code and its clones manually

5 Results of the Empirical Study
09 September 2018 Results of the Empirical Study OSS Cloned bugs Locatable clones Linux kernel 282 157 Git 33 12 PostgreSQL 22 For some bugs, we could locate their clones, e.g. in the commit, it says “This is quite the same fix as in 2cb96f86628d6e97fcbda5fe4d8d c.” For some other bugs, we could not locate their clones, e.g. “Other platforms have this same bug, in one form or another.” Commercial product line 969 out of bugs (3.8%) No access to source code

6 The Buggy Code Segment is Usually Small
09 September 2018 The Buggy Code Segment is Usually Small More than 88% of the bugs cover 4 or fewer contiguous lines of code Size (contiguous lines) of the largest component of each bug fix

7 The Need to Detect Cloned Buggy Code
09 September 2018 The Need to Detect Cloned Buggy Code The empirical study confirmed that cloned bugs do exist Once a bug is detected, it is necessary to find all its clones and fix them Customer satisfaction drops when a customer re-encounters a bug that the vendor claimed to have fixed Inputs Buggy code snippet Entire system to be checked Output |

8 CBCD - A tool to detect cloned buggy code

9 CBCD Uses PDG-Based Clone Detection Approach
09 September 2018 CBCD Uses PDG-Based Clone Detection Approach Clone detection approaches: Text-based, Token-based, Abstract Syntax Tree (AST)-based Program Dependency Graph (PDG)-based static int add(int a, int b)  {     return(a+b);  }  Entry: add a = ain b = bin ret = result result = a+b Control dependency Data dependency PDG example PDG-based clone detection approach Check graph isomorphism of PDGs of code segments to identify code clones More resilient to code changes CBCD: check whether PDG of the buggy code is a subgraph of the PDG of the system Unlike other PDG-based tools, CBCD also requires vertex kind and source text match

10 CBCD Architecture Codesurfer And also used in subgraph testing Bug PDG
09 September 2018 CBCD Architecture Subgraph isomorphism is O(N!N) We implemented optimizations to reduce N Step 1: Create Bug PDG Create System PDG Bug PDG System vertex Info Step 3: Subgraph testing (igraph) Output: Bug clones And also used in subgraph testing Input: Buggy lines System to be checked Step 2: Split the Bug PDG and prune the System PDG Split Bug PDG Pruned System PDG Vertex kind and source text are used to prune parts of System PDG that cannot match Codesurfer

11 Four Optimizations: Reduce the N in Subgraph Isomorphism
09 September 2018 Four Optimizations: Reduce the N in Subgraph Isomorphism Isomorphism requires graph structure, vertex kind, and source text to match More than 88% of the bugs cover ≤ 4 lines 1. Prune System PDG Compare the start and end vertex kind and source text of edge of the System and Bug PDG 2. Break System PDG Use vertex kind info. of Bug PDG to choose only small sections of the System PDG 3. Exclude irrelevant System PDG Bug PDG radius = 2 4. Break Bug PDG System PDG

12 CBCD evaluation

13 CBCD Evaluation and Comparison with Clone Detectors
09 September 2018 CBCD Evaluation and Comparison with Clone Detectors Research questions: How well can CBCD find cloned buggy code? How well does CBCD scale? Oracle for the evaluation 53 bugs (34 Linux kernel, 5 Git, and 14 PostgreSQL) and their clones Evaluation environment Ubuntu 10.04, 4G Mem, 3Ghz CPU Clone detectors under comparison CBCD (PDG-based) Simian (text-based) CCFinder (token-based) Decard (AST-based) CloneDr (AST-based)

14 How Well Can CBCD Find Cloned Buggy Code?
09 September 2018 How Well Can CBCD Find Cloned Buggy Code? For each investigated bug and each of its clone, we check if a tool reports False Negative (FN): A clone is identified by the developer, but not by the tool. False Positive (FP): A clone is repored by the tool, but not by developers as buggy. Each of the 53 investigated bugs falls into one of four categories * Only 2% of the input files and 1% of the lines of code General clone detectors and CBCD are designed for different purposes General clone detectors are good at finding large code clones CBCD is more like an advanced “Find” command, good at finding small code clones

15 Advantages and Limitations of CBCD
09 September 2018 Advantages and Limitations of CBCD Advantages: As expected, CBCD is more resilient to some types of code changes Code deletions or insertions that do not change the PDG Reordering of statements Control-statement replacement Limitations False Positive : when the buggy code is a one-line function call Buggy code: memset(ib_ah_attr, 0, sizeof  *path); True positive: memset(ib_ah_attr, 0, sizeof *path); False positive: memset(p, 0, padding); False Negative: Buggy code is in data structure or marcos, due to limitations of CodeSurfer. False Negative: Variable renaming in an expression, because CBCD limits such renaming Buggy code: if (!hpet && !ref1 && !ref2) True positive: if (!hpet && !ref_start && !rf_stop)

16 How well does CBCD scale?
09 September 2018 How well does CBCD scale? <47 seconds to find clones of a bug in a system having ≥ 400 KNLOC, after the system PDG is generated by CodeSurfer Generating system PDG from CodeSurfer is the bottleneck However, this step needs to be done only once and is reusable The optimizations are effective Most effective: Prune System PDG Pruned 90% of the edges 20237 and 11890 performance improvement in two cases Avoid “out-of-memory” error due to too big System PDG in another case Other optimizations provide moderate performance gains

17 Conclusions Examined real-world bug reports
09 September 2018 Conclusions Examined real-world bug reports Established that identical (cloned) bugs are a serious problem Proposed that programmer should search for clones of buggy code Optimizations to PDG-based clone detection algorithms for scalability Implemented CBCD, a PDG-based tool that detects possible clones of buggy code CBCD is scalable, effective, and outperforms other tools for this task Finding cloned bugs is very important, and now a tool (CBCD) exists for that!

Download ppt "CBCD: Cloned Buggy Code Detector"

Similar presentations

Duplicate code detection using Clone Digger Peter Bulychev Lomonosov Moscow State University CS department.

Duplicate code detection using Clone Digger Peter Bulychev Lomonosov Moscow State University CS department.
Chao Liu, Chen Chen, Jiawei Han, Philip S. Yu

Chao Liu, Chen Chen, Jiawei Han, Philip S. Yu
Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.

Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring Edward J. Schwartz *, JongHyup Lee ✝, Maverick.
CS590 Z Matching Program Versions Xiangyu Zhang. CS590Z Problem Statement  Suppose a program P’ is created by modifying P. Determine the difference between.

CS590 Z Matching Program Versions Xiangyu Zhang. CS590Z Problem Statement  Suppose a program P’ is created by modifying P. Determine the difference between.
Reverse Engineering © SERG Code Cloning: Detection, Classification, and Refactoring.

Reverse Engineering © SERG Code Cloning: Detection, Classification, and Refactoring.
Improving the Unification of Software Clones Using Tree & Graph Matching Algorithms Giri Panamoottil Krishnan Supervisor: Dr. Nikolaos Tsantalis 22.04.14.

Improving the Unification of Software Clones Using Tree & Graph Matching Algorithms Giri Panamoottil Krishnan Supervisor: Dr. Nikolaos Tsantalis
July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.

July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.
Analyzing Software Code and Execution – Plagiarism and Bug Detection Shoaib Jameel.

Analyzing Software Code and Execution – Plagiarism and Bug Detection Shoaib Jameel.
7. Duplicated Code Metrics Duplicated Code Software quality

7. Duplicated Code Metrics Duplicated Code Software quality
(Page 554 – 564) Ping Perez CS 147 Summer 2001 Alternative Parallel Architectures  Dataflow  Systolic arrays  Neural networks.

(Page 554 – 564) Ping Perez CS 147 Summer 2001 Alternative Parallel Architectures  Dataflow  Systolic arrays  Neural networks.
Chapter 3 Planning Your Solution

Chapter 3 Planning Your Solution
Regression testing Tor Stållhane. What is regression testing – 1 Regression testing is testing done to check that a system update does not re- introduce.

Regression testing Tor Stållhane. What is regression testing – 1 Regression testing is testing done to check that a system update does not re- introduce.
Examining the Code [Reading assignment: Chapter 6, pp. 91-104]

Examining the Code [Reading assignment: Chapter 6, pp ]
Git: Part 1 Overview & Object Model These slides were largely cut-and-pasted from tutorial/, with some additions.

Git: Part 1 Overview & Object Model These slides were largely cut-and-pasted from tutorial/, with some additions.
Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.

Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.
© 2008, Renesas Technology America, Inc., All Rights Reserved 1 Purpose  This training course describes how to configure the the C/C++ compiler options.

© 2008, Renesas Technology America, Inc., All Rights Reserved 1 Purpose  This training course describes how to configure the the C/C++ compiler options.
EGR 2261 Unit 5 Control Structures II: Repetition  Read Malik, Chapter 5.  Homework #5 and Lab #5 due next week.  Quiz next week.

EGR 2261 Unit 5 Control Structures II: Repetition  Read Malik, Chapter 5.  Homework #5 and Lab #5 due next week.  Quiz next week.
University of Maryland Bug Driven Bug Finding Chadd Williams.

University of Maryland Bug Driven Bug Finding Chadd Williams.
Index tuning-- B+tree. overview © Dennis Shasha, Philippe Bonnet 2001 B+-Tree Locking Tree Traversal –Update, Read –Insert, Delete phantom problem: need.

Index tuning-- B+tree. overview © Dennis Shasha, Philippe Bonnet 2001 B+-Tree Locking Tree Traversal –Update, Read –Insert, Delete phantom problem: need.
Department of Computer Science, Graduate School of Information Science and Technology, Osaka University DCCFinder: A Very- Large Scale Code Clone Analysis.

Department of Computer Science, Graduate School of Information Science and Technology, Osaka University DCCFinder: A Very- Large Scale Code Clone Analysis.

Similar presentations

Ads by Google