How Bugs Are Born: A Model to Identify How Bugs Are Introduced in Software Components (ICSE 2020 - Journal First)

Wed 24 June - Thu 16 July 2020

Who

Gema Rodríguez-Pérez, Gregorio Robles, Alexander Serebrenik, Andy Zaidman, Daniel M. German, Jesus M. Gonzalez-Barahona

Track

ICSE 2020 Journal First

Time Zone

The program is currently displayed in (UTC) Coordinated Universal Time.

Use conference time zone: (UTC) Coordinated Universal TimeSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 8 Jul 2020 15:08 - 15:16 at Goguryeo - A8-Machine Learning and Models Chair(s): Liliana Pasquale

Abstract

When identifying the origin of software bugs, many studies assume that "a bug was introduced by the lines of code that were modified to fix it''. However, this assumption does not always hold and at least in some cases, these modified lines are not responsible for introducing the bug. For example, when the bug was caused by a change in an external API. The lack of empirical evidence makes it impossible to assess how important these cases are and therefore, to which extent the assumption is valid.

To advance in this direction, and better understand how bugs "are born'', we propose a model for defining criteria to identify the first snapshot of an evolving software system that exhibits a bug. This model, based on the \emph{perfect test} idea, decides whether a bug is observed after a change to the software. Furthermore, we studied the model’s criteria by carefully analyzing how 116 bugs were introduced in two different open source software projects. The manual analysis helped classify the root cause of those bugs and created manually curated datasets with bug-introducing changes and with bugs that were not introduced by any change in the source code. Finally, we used these datasets to evaluate the performance of four existing SZZ-based algorithms for detecting bug-introducing changes. We found that SZZ-based algorithms are not very accurate, especially when multiple commits are found; the F-Score varies from 0.44 to 0.77, while the percentage of true positives does not exceed 63%.

Our results show empirical evidence that the prevalent assumption, "a bug was introduced by the lines of code that were modified to fix it'', is just one case of how bugs are introduced in a software system. Finding what introduced a bug is not trivial: bugs can be introduced by the developers and be in the code, or be created irrespective of the code. Thus, further research towards a better understanding of the origin of bugs in software projects could help to improve design integration tests and to design other procedures to make software development more robust.

Link to Preprint

https://azaidman.github.io/publications/rodriguezEMSE2019.pdf

DOI

https://doi.org/10.1007/s10664-019-09781-y

Gema Rodríguez-Pérez

University of Waterloo, Canada

Canada

Gregorio Robles

Universidad Rey Juan Carlos

Spain

Alexander Serebrenik

Eindhoven University of Technology

Netherlands

Andy Zaidman

TU Delft

Netherlands

Daniel M. German

University of Victoria

Jesus M. Gonzalez-Barahona