Mining Fix Patterns for FindBugs Violations
1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg
2 School of Computing, KAIST, Daejeon, Republic of Korea
Kui Liu1, Dongsun Kim1, Tegawendé F. Bissyandé1, Shin Yoo2, Yves Le Traon1
29th May 2019
2
Static Analysis Tools
Error Prone
Useful to detect
common bugs/defects.
3
Violations from Static Analysis Tools
Static analysis tools such as
FindBugs detect violations
Developers may (or may not)
change source code to fix
the violations.
Paper excerpt shown on the slide (left edge cropped in the source image):
Index Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning.
INTRODUCTION
[…]n software projects widely use static code analysis tools to assess software quality and identify potential defects. Several commercial [1], [2], [3] and open-source [4], […] [7] tools are integrated into many software projects, including operating system development projects [8]. For example, Java-based projects often adopt FindBugs [4] or […] while C projects use Splint [6], cppcheck [7], or Clang Static Analyzer [9], while Linux driver code is systematically assessed with a battery of static analyzers such as Sparse and the LDV toolkit. Developers may benefit from the tools before running a program in real environments, even though those tools do not guarantee that all […]ed defects are real bugs [10].
Static analysis can detect several types of defects such as security vulnerabilities, performance issues, and bad programming practices (so-called code smells) [11]. Recent studies denote those defects as static analysis violations [12] or alerts [13]. In the remainder of this paper, we simply refer to them as violations. Fig. 1 shows a violation instance, detected by FindBugs, which is a violation […] BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS, […] does not comply with the programming rule that the implementation of method equals(Object obj) should not make any assumption about the type of its obj argument […]
    public boolean equals(Object obj) {
        // Violation Type:
        // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
        return getModule().equals(
            ((ModuleWrapper) obj).getModule());
    }
Fig. 1: Example of a detected violation, taken from PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin.
As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown.
public boolean equals(Object obj) {
- return getModule().equals(
- ((ModuleWrapper) obj).getModule());
+ return obj instanceof ModuleWrapper &&
+ getModule().equals(
+ ((ModuleWrapper) obj).getModule());
}
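Review bot: in the added `return obj instanceof ModuleWrapper &&` line the guard covers null and foreign types, but `getModule()` is still dereferenced unguarded on `this`, so a null module would turn equals into a NullPointerException; if null is a legal value, compare with `Objects.equals(getModule(), ((ModuleWrapper) obj).getModule())`. Since `instanceof` also accepts subclasses of ModuleWrapper, it is worth confirming that no subclass overrides equals, otherwise symmetry can break, and that hashCode is derived from the same getModule() value.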
Fig. 2: Example of fixing violation, taken from Commit 0fd11c of project nbm-maven-plugin.
4
How to fix them?
FindBugs
5
Fixing based on bug description?
6
Fixing based on bug description?
BC: Equals method should not assume anything about the type of its argument
(BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS)
The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the
same type as this.
BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK)
This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then
comparing with the greater than operator can lead to unexpected results (of course depending on the value of
SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not
negative, it seems good practice to use '!= 0' instead of '> 0'.
CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM)
Class implements Cloneable but does not define or use the clone method.
7
Fixing based on bug description?
Requires strong background knowledge.
Does not provide enough details.
8–16
Collecting violation-fixing changes
[Diagram, built up over slides 8–16: Revision History; Program before changes; FindBugs; Patches; Program after changes; FindBugs]
17
Idea: Mining violation-fixing changes patterns
[Diagram elements: Revision History; Violation-fixing Changes; Pattern Mining; Fix Patterns]
18
Approach
19
Overview
20
Collecting violations
Collecting violations with a static analysis tool
[Diagram elements: Projects; Commits; SATool; Violations]
<ViolationInstance>
  <ViolationType>BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS</ViolationType>
  <ProjectName>nbm-maven-plugin</ProjectName>
  <CommitVersionID>bdf3fe</CommitVersionID>
  <FilePath>nb-repository-plugin/src/main/java/org/codehaus/mojo/nbm/repository/PopulateRepositoryMojo.java</FilePath>
  <StartLineNumber>1195</StartLineNumber>
  <EndLineNumber>1195</EndLineNumber>
</ViolationInstance>
21
Tracking violations
Identify identical violations between revisions*.
Detect whether a violation is fixed, or just removed.
[*] P. Avgustinov, A. I. Baars, A. S. Henriksen, G. Lavender, G. Menzel, O. de Moor, M. Schäfer, and J. Tibble, “Tracking Static Analysis Violations over Time to Capture Developer Characteristics,” in Proceedings of the 37th International Conference on Software Engineering, 2015, pp. 437–447.
22
Parsing changes (i.e., patches)
UPD ReturnStatement@@"return getModule().equals(((ModuleWrapper) obj).getModule());"
---INS InfixExpression@@"obj instanceof ModuleWrapper…" to ReturnStatement
------INS InstanceofExpression@@"obj instanceof ModuleWrapper " to InfixExpression
---------INS Variable@@"obj" to InstanceofExpression
---------INS Operator@@"instanceof" to InstanceofExpression
---------INS SimpleType@@"ModuleWrapper" to InstanceofExpression
------MOV MethodInvocation@@" getModule().equals(…)" to InfixExpression
We used GumTree* to identify AST-level changes.
[*] J.-R. Falleri, F. Morandat, X. Blanc, M. Martinez, and M. Monperrus, “Fine-grained and accurate source code differencing,” in ACM/IEEE International Conference on Automated Software Engineering. Vasteras, Sweden - September 15 - 19: ACM, 2014, pp. 313–324.
23
Tokenizing change information
UPD ReturnStatement@@"return getModule().equals(((ModuleWrapper) obj).getModule());"
---INS InfixExpression@@"obj instanceof ModuleWrapper…" to ReturnStatement
------INS InstanceofExpression@@"obj instanceof ModuleWrapper " to InfixExpression
---------INS Variable@@"obj" to InstanceofExpression
---------INS Operator@@"instanceof" to InstanceofExpression
---------INS SimpleType@@"ModuleWrapper" to InstanceofExpression
------MOV MethodInvocation@@" getModule().equals(…)" to InfixExpression
[UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INS Variable, INS Operator, INS SimpleType, MOV MethodInvocation]
Token Embedding (Word2Vec)
<2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
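The tokenization step on slide 23, as an added example that is not from the slides or the authors' tool: it parses the edit-script notation shown above into a tree and flattens it to action/node-type tokens. The parser, the `DEL` action, the check that each `to X` names the parent operation's node type (true of the slide's example, assumed in general), and the second `Account` script are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Edit script from the slide, with straight quotes in place of the typographic ones.
SLIDE_SCRIPT = """\
UPD ReturnStatement@@"return getModule().equals(((ModuleWrapper) obj).getModule());"
---INS InfixExpression@@"obj instanceof ModuleWrapper…" to ReturnStatement
------INS InstanceofExpression@@"obj instanceof ModuleWrapper " to InfixExpression
---------INS Variable@@"obj" to InstanceofExpression
---------INS Operator@@"instanceof" to InstanceofExpression
---------INS SimpleType@@"ModuleWrapper" to InstanceofExpression
------MOV MethodInvocation@@" getModule().equals(…)" to InfixExpression
"""

# Constructed sample: the same kind of fix in an unrelated, hypothetical class.
OTHER_SCRIPT = """\
UPD ReturnStatement@@"return id.equals(((Account) o).id);"
---INS InfixExpression@@"o instanceof Account && ..." to ReturnStatement
------INS InstanceofExpression@@"o instanceof Account" to InfixExpression
---------INS Variable@@"o" to InstanceofExpression
---------INS Operator@@"instanceof" to InstanceofExpression
---------INS SimpleType@@"Account" to InstanceofExpression
------MOV MethodInvocation@@"id.equals(...)" to InfixExpression
"""

# One operation per line: three dashes per nesting level, an action, the AST
# node type, the quoted code fragment, and optionally the node it attaches to.
# UPD/INS/MOV appear on the slide; DEL is assumed here for completeness.
LINE_RE = re.compile(
    r'^(?P<dashes>(?:---)*)(?P<action>UPD|INS|DEL|MOV) (?P<node>\w+)@@'
    r'"(?P<label>.*)"(?: to (?P<target>\w+))?$'
)


@dataclass
class EditOp:
    depth: int
    action: str
    node_type: str
    label: str
    target: Optional[str]
    children: List["EditOp"] = field(default_factory=list)


def parse_edit_script(text: str) -> List[EditOp]:
    """Parse the indented edit script into a forest of EditOp nodes."""
    roots: List[EditOp] = []
    stack: List[EditOp] = []  # path from a root down to the previous line
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an edit-script line: {line!r}")
        op = EditOp(len(m["dashes"]) // 3, m["action"], m["node"],
                    m["label"], m["target"])
        # Climb back up until the top of the stack is a possible parent.
        while stack and stack[-1].depth >= op.depth:
            stack.pop()
        if op.depth == 0:
            roots.append(op)
        else:
            if not stack or stack[-1].depth != op.depth - 1:
                raise ValueError(f"line {lineno}: indentation skips a level")
            parent = stack[-1]
            # Assumption taken from the slide's example: "to X" names the parent.
            if op.target is not None and op.target != parent.node_type:
                raise ValueError(
                    f"line {lineno}: attaches to {op.target}, "
                    f"but is nested under {parent.node_type}")
            parent.children.append(op)
        stack.append(op)
    return roots


def tokens(ops: List[EditOp]) -> List[str]:
    """Flatten the tree in pre-order, keeping action and node type only.

    Dropping the code fragments removes identifiers, so structurally equal
    fixes from different projects yield the same token sequence.
    """
    out: List[str] = []
    for op in ops:
        out.append(f"{op.action} {op.node_type}")
        out.extend(tokens(op.children))
    return out


if __name__ == "__main__":
    slide_tokens = tokens(parse_edit_script(SLIDE_SCRIPT))
    other_tokens = tokens(parse_edit_script(OTHER_SCRIPT))
    print(slide_tokens)
    print("same token sequence:", slide_tokens == other_tokens)
```

Both scripts yield the same seven tokens although every identifier differs, which is the property the embedding and clustering steps that follow rely on.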
24
Embedding change information
[Diagram: convolutional network over the embedded token sequence. Input layer: n × k (a two-dimensional numeric vector) built from the tokens UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INS Variable, INS Operator, INS SimpleType, MOV MethodInvocation, …, padded with 0. Convolutional layer C1: 4 feature maps; subsampling layer S1: 4 feature maps; convolutional layer C2: 6 feature maps; subsampling layer S2: 6 feature maps; fully connected layers; output layer. Dense layer: output is extracted features.]
25
Clustering Patches and Identifying Fix Patterns
Violation Type:
BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
Patch Example:
- return exp1().equals(((T)obj).exp2());
+ return obj instanceof T && exp1().
equals(((T)obj).exp2());
Fix Pattern###:
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
[*] D. Pelleg, A. W. Moore et al., “X-means: Extending k-means with efficient estimation of the number of clusters,” in ICML, vol. 1, 2000, pp. 727–734.
26
Evaluation
27
Subjects
[…] these violations, as a result, 16,918,530 distinct violations are identified.
TABLE 1: Subjects used in this study.
# Projects 730
# Commits 291,615
# Violations (detected) 250,387,734
# Distinct violations 16,918,530
# Violations types 400
Collected from GitHub.com.
With at least one violation-fixing commit.
28
Fix Patterns Identified
Violation Type:
BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
Patch Example:
- return exp1().equals(((T)obj).exp2());
+ return obj instanceof T && exp1().equals(((T)obj).exp2());
Fix Pattern###:
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
We have identified 174 fix patterns for 111 violation types.
Example
29
30
Comparison (Defects4J)
          Chart  Closure  Lang  Math  Mockito  Time  Total
AVATAR*       5        8     5     6        2     1     27
CapGen        4        0     5    12        0     0     21
Nopol         1        0     3     1        0     0      5
ACS           2        0     3    12        0     1     18
SimFix        4        6     9    14        0     1     34
Note that our fix patterns are extracted only from violation fixing patterns.
[*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandé, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
31
Live Study
Subject
# Pull Requests
Submitted Merged Improved Rejected Ignored
json-simple 2 2
commons-io 2 2
commons-lang 7 1 1 5
commons-math 6 6
ant 16 9 1 4 2
cassandra 9 9
mahout 3 3
aries 5 5
poi 44 44
camel 22 14 8
Total 116 67 2 15 32
32
Summary
[Recap slide repeating earlier panels: Live Study; Embedding change information; Overview; Fixing based on bug description?]
33
Tool and Data
https://github.com/FixPattern/findbugs-violations
34
https://www.darkrsw.net
http://wwwen.uni.lu/snt/research/serval
Université du Luxembourg
1.1 - logotype of the University
of Luxembourg
The logotype may not be altered under any
circumstances.
It is to be used like this for all communication mediums.
Université du Luxembourg © 03/2013
3.1 - the Interdisciplinary Centre for
Security Reliability and Trust
The SnT uses its own logo. It is used on all external
communication tools in combination with the UL logo.
Design guidelines are available at SnT.
Hire me! Hiring

More Related Content

PPTX
TBar: Revisiting Template-based Automated Program Repair
PDF
Learning to Spot and Refactor Inconsistent Method Names
PPTX
A Closer Look at Real-World Patches
PPTX
iFixR: Bug Report Driven Program Repair
PDF
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
PPTX
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
PPTX
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
PDF
Impact of Tool Support in Patch Construction
TBar: Revisiting Template-based Automated Program Repair
Learning to Spot and Refactor Inconsistent Method Names
A Closer Look at Real-World Patches
iFixR: Bug Report Driven Program Repair
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
Impact of Tool Support in Patch Construction

What's hot (20)

PPTX
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
PPTX
Automated Program Repair Keynote talk
PPT
Code Analysis-run time error prediction
DOCX
Test final jav_aaa
PDF
Opal Hermes - towards representative benchmarks
PDF
Cppcheck and PVS-Studio compared
PDF
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
PDF
150412 38 beamer methods of binary analysis
PPT
Crowd debugging (FSE 2015)
PDF
Tesseract. Recognizing Errors in Recognition Software
PPT
Handling Exceptions In C &amp; C++ [Part B] Ver 2
PDF
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
PPTX
Static analysis works for mission-critical systems, why not yours?
PDF
Headache from using mathematical software
PDF
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
PPTX
Repair dagstuhl jan2017
PPTX
Mobilesoft 2017 Keynote
PPTX
STAR: Stack Trace based Automatic Crash Reproduction
PDF
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
PPTX
How to Profit from Static Analysis
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
Automated Program Repair Keynote talk
Code Analysis-run time error prediction
Test final jav_aaa
Opal Hermes - towards representative benchmarks
Cppcheck and PVS-Studio compared
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
150412 38 beamer methods of binary analysis
Crowd debugging (FSE 2015)
Tesseract. Recognizing Errors in Recognition Software
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Static analysis works for mission-critical systems, why not yours?
Headache from using mathematical software
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Repair dagstuhl jan2017
Mobilesoft 2017 Keynote
STAR: Stack Trace based Automatic Crash Reproduction
Assessing Product Line Derivation Operators Applied to Java Source Code: An E...
How to Profit from Static Analysis
Ad

Similar to Mining Fix Patterns for FindBugs Violations (20)

PDF
findbugs Bernhard Merkle
PDF
Jdj Foss Java Tools
PPTX
Finding bugs that matter with Findbugs
PDF
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
PDF
Achieving quality with tools case study
PPTX
Does static analysis need machine learning?
PDF
Implementing Quality on a Java Project
PDF
Errors that static code analysis does not find because it is not used
PPTX
Static code analysis: what? how? why?
KEY
2 the essentials of effective java
PPTX
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
PDF
Iasi code camp 20 april 2013 implement-quality-java-massol-codecamp
PDF
Implementing quality in Java projects
PDF
Checking Clang 11 with PVS-Studio
PPTX
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
ODP
Формальная верификация как средство тестирования (в Java)
PPTX
basic software testing principles and obectives.pptx
PPTX
Static analysis: Around Java in 60 minutes
PPTX
What static analyzers can do that programmers and testers cannot
PPT
Dependable Software Development in Software Engineering SE18
findbugs Bernhard Merkle
Jdj Foss Java Tools
Finding bugs that matter with Findbugs
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
Achieving quality with tools case study
Does static analysis need machine learning?
Implementing Quality on a Java Project
Errors that static code analysis does not find because it is not used
Static code analysis: what? how? why?
2 the essentials of effective java
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
Iasi code camp 20 april 2013 implement-quality-java-massol-codecamp
Implementing quality in Java projects
Checking Clang 11 with PVS-Studio
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
Формальная верификация как средство тестирования (в Java)
basic software testing principles and obectives.pptx
Static analysis: Around Java in 60 minutes
What static analyzers can do that programmers and testers cannot
Dependable Software Development in Software Engineering SE18
Ad

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
Approach and Philosophy of On baking technology
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
Unlocking AI with Model Context Protocol (MCP)
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
Empathic Computing: Creating Shared Understanding
DOCX
The AUB Centre for AI in Media Proposal.docx
PDF
Encapsulation theory and applications.pdf
PPTX
sap open course for s4hana steps from ECC to s4
PPTX
Cloud computing and distributed systems.
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PPTX
Big Data Technologies - Introduction.pptx
PPT
Teaching material agriculture food technology
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Approach and Philosophy of On baking technology
20250228 LYD VKU AI Blended-Learning.pptx
Unlocking AI with Model Context Protocol (MCP)
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
Understanding_Digital_Forensics_Presentation.pptx
Dropbox Q2 2025 Financial Results & Investor Presentation
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
“AI and Expert System Decision Support & Business Intelligence Systems”
Empathic Computing: Creating Shared Understanding
The AUB Centre for AI in Media Proposal.docx
Encapsulation theory and applications.pdf
sap open course for s4hana steps from ECC to s4
Cloud computing and distributed systems.
Per capita expenditure prediction using model stacking based on satellite ima...
Big Data Technologies - Introduction.pptx
Teaching material agriculture food technology
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton

Mining Fix Patterns for FindBugs Violations

  • 1. Mining Fix Patterns for 
 FindBugsViolations logotype of the University of Luxembourg 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg 2 School of Computing, KAIST, Daejeon, Republic of Korea Kui Liu1, Dongsun Kim1, Tegawendé F. Bissyandé1, 
 Shin Yoo2, Yves Le Traon1 29th May 2019
  • 4. 2 Static Analysis Tools Error Prone Useful to detect common bugs/defects.
  • 5. 3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations Developers may (or may not) change source code to fix the violations.
  • 6. 3 Violations from Static Analysis Tools Static analysis tools such as FindBugs detect violations PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin. Terms—Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning. F ODUCTION oftware projects widely use static code analysis ssess software quality and identify potential de- eral commercial [1], [2], [3] and open-source [4], ] tools are integrated into many software projects, operating system development projects [8]. For Java-based projects often adopt FindBugs [4] or while C projects use Splint [6], cppcheck [7], Static Analyzer [9], while Linux driver code matically assessed with a battery of static analyzers parse and the LDV toolkit. Developers may benefit tools before running a program in real environ- en though those tools do not guarantee that all defects are real bugs [10]. analysis can detect several types of defects such y vulnerabilities, performance issues, and bad ming practices (so-called code smells) [11]. Re- es denote those defects as static analysis viola- public boolean equals(Object obj) { // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS return getModule().equals( ((ModuleWrapper) obj).getModule()); } Fig. 1: Example of a detected violation, taken from Popu- lateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin1 . As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of obj argument is not the type of ModuleWrapper, a java.lang.ClassCastException should be thrown. public boolean equals(Object obj) { - return getModule().equals( Example Developers may (or may not) change source code to fix the violations.
  • 7. Violations from Static Analysis Tools
    Static analysis tools such as FindBugs detect violations. Developers may (or may not) change source code to fix the violations.
    Example: paper excerpt shown on the slide. The left margin of the excerpt is cropped; "[…]" marks text that is not on the page.
    Terms: Fix pattern, pattern mining, program repair, findbugs violation, unsupervised learning.
    Introduction
    […] software projects widely use static code analysis […] to assess software quality and identify potential defects. Several commercial [1], [2], [3] and open-source [4], […] [7] tools are integrated into many software projects, including operating system development projects [8]. For example, Java-based projects often adopt FindBugs [4] or […] while C projects use Splint [6], cppcheck [7], […] Clang Static Analyzer [9], while Linux driver code is systematically assessed with a battery of static analyzers […] Sparse and the LDV toolkit. Developers may benefit from the tools before running a program in real environments even though those tools do not guarantee that all […] defects are real bugs [10].
    Static analysis can detect several types of defects such as security vulnerabilities, performance issues, and bad programming practices (so-called code smells) [11]. Recent studies denote those defects as static analysis violations [12] or alerts [13]. In the remainder of this paper, we simply refer to them as violations. Fig. 1 shows a violation instance, detected by FindBugs, which is a violation […] BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS, […] does not comply with the programming rule that the implementation of method equals(Object obj) should not make any assumption about the type of its obj argument.
    public boolean equals(Object obj) {
        // Violation Type:
        // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
        return getModule().equals(
            ((ModuleWrapper) obj).getModule());
    }
    Fig. 1: Example of a detected violation, taken from PopulateRepositoryMojo.java file at revision bdf3fe in project nbm-maven-plugin.
    As later addressed by developers via a patch represented in Fig. 2, the method should return false if obj is not of the same type as the object being compared. In this case, when the type of the obj argument is not ModuleWrapper, a java.lang.ClassCastException is thrown.
    public boolean equals(Object obj) { - return getModule().equals( - ((ModuleWrapper) obj).getModule()); + return obj instanceof ModuleWrapper && + getModule().equals( + ((ModuleWrapper) obj).getModule()); }
    Fig. 2: Example of fixing violation, taken from Commit 0fd11c of project nbm-maven-plugin.
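    Review bot: in the Fig. 2 patch, the added `obj instanceof ModuleWrapper &&` guard covers null and foreign types, but `getModule().equals(` on the following added line still dereferences getModule() without a null check, so equals can throw a NullPointerException if that getter may return null; comparing through java.util.Objects.equals(getModule(), ((ModuleWrapper) obj).getModule()) would close that path. Note also that instanceof accepts subclasses of ModuleWrapper, so equals stays symmetric only as long as no subclass overrides it.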
  • 8. How to fix them? FindBugs
  • 17. Fixing based on bug description?
    BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS)
      The equals(Object o) method shouldn't make any assumptions about the type of o. It should simply return false if o is not the same type as this.
    BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK)
      This method compares an expression such as ((event.detail & SWT.SELECTED) > 0). Using bit arithmetic and then comparing with the greater than operator can lead to unexpected results (of course depending on the value of SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate for a bug. Even when SWT.SELECTED is not negative, it seems good practice to use '!= 0' instead of '> 0'.
    CN: Class implements Cloneable but does not define or use clone method (CN_IDIOM)
      Class implements Cloneable but does not define or use the clone method.
    Requires strong background knowledge. Does not provide enough details.
  • 34. Idea: Mining violation-fixing change patterns
    Diagram labels: Revision History, Violation-fixing Changes, Pattern Mining, Fix Patterns.
  • 39. Collecting violations
    Collecting violations with a static analysis tool. Diagram labels: Projects, Commits, SATool, Violations.
    <ViolationInstance>
      <ViolationType>BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS</ViolationType>
      <ProjectName>nbm-maven-plugin</ProjectName>
      <CommitVersionID>bdf3fe</CommitVersionID>
      <FilePath>nb-repository-plugin/src/main/java/org/codehaus/mojo/nbm/repository/PopulateRepositoryMojo.java</FilePath>
      <StartLineNumber>1195</StartLineNumber>
      <EndLineNumber>1195</EndLineNumber>
    </ViolationInstance>
  • 40. Tracking violations
    Identify identical violations between revisions*. Detect whether a violation is fixed, or just removed.
    [*] P. Avgustinov, A. I. Baars, A. S. Henriksen, G. Lavender, G. Menzel, O. de Moor, M. Schäfer, and J. Tibble, “Tracking Static Analysis Violations over Time to Capture Developer Characteristics,” in Proceedings of the 37th International Conference on Software Engineering, 2015, pp. 437–447.

  • 41. Parsing changes (i.e., patches)
    We used GumTree* to identify AST-level changes.
    UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());”
    ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement
    ------INS InstanceofExpression@@”obj instanceof ModuleWrapper” to InfixExpression
    ---------INS Variable@@”obj” to InstanceofExpression
    ---------INS Operator@@”instanceof” to InstanceofExpression
    ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression
    ------MOV MethodInvocation@@”getModule().equals(…)” to InfixExpression
    [*] J.-R. Falleri, F. Morandat, X. Blanc, M. Martinez, and M. Monperrus, “Fine-grained and accurate source code differencing,” in ACM/IEEE International Conference on Automated Software Engineering. Vasteras, Sweden - September 15 - 19: ACM, 2014, pp. 313–324.
  • 44. Tokenizing change information
    Edit script:
    UPD ReturnStatement@@”return getModule().equals(((ModuleWrapper) obj).getModule());”
    ---INS InfixExpression@@”obj instanceof ModuleWrapper…” to ReturnStatement
    ------INS InstanceofExpression@@”obj instanceof ModuleWrapper” to InfixExpression
    ---------INS Variable@@”obj” to InstanceofExpression
    ---------INS Operator@@”instanceof” to InstanceofExpression
    ---------INS SimpleType@@”ModuleWrapper” to InstanceofExpression
    ------MOV MethodInvocation@@”getModule().equals(…)” to InfixExpression
    Tokens: [UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INS Variable, INS Operator, INS SimpleType, MOV MethodInvocation]
    Token Embedding (Word2Vec): <2, 6, 9, …> <8, 4, 1, …> <9, 0, 7, …> <2, 3, 0, …> … <7, 1, 2, …> …
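The tokenizing step above, as an added example that is not code from the slides or from the authors' tool: a parser for the indented GumTree-style edit script that checks each "to" target against the enclosing operation and emits one "ACTION NodeType" token per operation. The function names, the DEL action and the padding length n are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Edit script transcribed from the "Parsing changes" slide, with ASCII quotes.
EDIT_SCRIPT = '''\
UPD ReturnStatement@@"return getModule().equals(((ModuleWrapper) obj).getModule());"
---INS InfixExpression@@"obj instanceof ModuleWrapper..." to ReturnStatement
------INS InstanceofExpression@@"obj instanceof ModuleWrapper" to InfixExpression
---------INS Variable@@"obj" to InstanceofExpression
---------INS Operator@@"instanceof" to InstanceofExpression
---------INS SimpleType@@"ModuleWrapper" to InstanceofExpression
------MOV MethodInvocation@@"getModule().equals(...)" to InfixExpression
'''

# DEL is assumed as a fourth action kind; the slide only shows UPD, INS and MOV.
LINE = re.compile(
    r'^(?P<indent>(?:---)*)(?P<action>UPD|INS|DEL|MOV) (?P<node>\w+)@@(?P<rest>.*)$')
TARGET = re.compile(r'" to (?P<parent>\w+)$')


@dataclass
class EditOp:
    depth: int              # nesting level, one level per "---"
    action: str             # UPD / INS / DEL / MOV
    node: str               # AST node type, e.g. ReturnStatement
    parent: Optional[str]   # node type named after " to ", if any


def parse_edit_script(text: str) -> List[EditOp]:
    """Parse the indented edit script and reject a malformed tree."""
    ops: List[EditOp] = []
    stack: List[EditOp] = []          # path from the root operation to the current one
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = LINE.match(raw.rstrip())
        if m is None:
            raise ValueError(f"line {lineno}: not an edit operation: {raw!r}")
        t = TARGET.search(m["rest"])
        op = EditOp(len(m["indent"]) // 3, m["action"], m["node"],
                    t["parent"] if t else None)
        if op.depth > len(stack):
            raise ValueError(f"line {lineno}: depth jumps past its parent")
        del stack[op.depth:]          # climb back up to this operation's parent
        if stack and op.parent and op.parent != stack[-1].node:
            raise ValueError(
                f"line {lineno}: target {op.parent} is not the enclosing {stack[-1].node}")
        stack.append(op)
        ops.append(op)
    return ops


def tokenize(ops: List[EditOp]) -> List[str]:
    """Drop labels and targets: one 'ACTION NodeType' token per operation."""
    return [f"{op.action} {op.node}" for op in ops]


def pad_tokens(tokens: List[str], n: int, pad: str = "0") -> List[str]:
    """Fixed-length token sequence (n rows) for the embedding step, padded with '0'."""
    if len(tokens) > n:
        raise ValueError(f"{len(tokens)} tokens do not fit in n={n}")
    return tokens + [pad] * (n - len(tokens))
```

Dropping the quoted labels is what lets patches from different projects share a token sequence: identifiers such as ModuleWrapper disappear and only the shape of the change remains.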
  • 46. Embedding change information
    [Figure: convolutional network over the embedded tokens. Input layer: n × k (a two-dimensional numeric vector); token rows: UPD ReturnStatement, INS InfixExpression, INS InstanceofExpression, INS Variable, INS Operator, INS SimpleType, MOV MethodInvocation, INSMethod, followed by 0 0 0 0 0 0. Convolutional layer C1: 4 feature maps; subsampling layer S1: 4 feature maps; convolutional layer C2: 6 feature maps; subsampling layer S2: 6 feature maps; fully connected layers; output layer. Dense layer: output is extracted features.]
  • 47. Clustering Patches and Identifying Fix Patterns*
    Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
    Patch Example:
    - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1(). equals(((T)obj).exp2());
    Fix Pattern###:
    UPD ReturnStatement
    ---INS InfixExpression
    ------MOV MethodInvocation
    ------INS InstanceofExpression
    ---------INS Variable
    ---------INS Instanceof
    ---------INS SimpleType
    ------INS Operator
    [*] D. Pelleg, A. W. Moore et al., “X-means: Extending k-means with efficient estimation of the number of clusters.” in ICML, vol. 1, 2000, pp. 727–734.
  • 49. Subjects
    Collected from GitHub.com. With at least one violation-fixing commit.
    … these violations; as a result, 16,918,530 distinct violations […] identified.
    TABLE 1: Subjects used in this study.
      # Projects                       730
      # Commits                    291,615
      # Violations (detected)  250,387,734
      # Distinct violations     16,918,530
      # Violation types                400
  • 50. Fix Patterns Identified
    We have identified 174 fix patterns for 111 violation types.
    Example:
    Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
    Patch Example:
    - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1().equals(((T)obj).exp2());
    Fix Pattern###:
    UPD ReturnStatement
    ---INS InfixExpression
    ------MOV MethodInvocation
    ------INS InstanceofExpression
    ---------INS Variable
    ---------INS Instanceof
    ---------INS SimpleType
    ------INS Operator
  • 54. Comparison (Defects4J)
               Chart  Closure  Lang  Math  Mockito  Time  Total
      AVATAR*      5        8     5     6        2     1     27
      CapGen       4        0     5    12        0     0     21
      Nopol        1        0     3     1        0     0      5
      ACS          2        0     3    12        0     1     18
      SimFix       4        6     9    14        0     1     34
    Note that our fix patterns are extracted only from violation fixing patterns.
    [*] K. Liu, A. Koyuncu, D. Kim, and T. F. Bissyandé, “AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations,” in 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2019, pp. 1–12.
  • 56. Live Study
    # Pull Requests per subject. Columns: Submitted, Merged, Improved, Rejected, Ignored (blank cells are not shown; each row lists its non-empty values in column order).
      json-simple     2  2
      commons-io      2  2
      commons-lang    7  1  1  5
      commons-math    6  6
      ant            16  9  1  4  2
      cassandra       9  9
      mahout          3  3
      aries           5  5
      poi            44  44
      camel          22  14  8
      Total         116  67  2  15  32
  • 57. Summary (recap of earlier slides: Live Study; Embedding change information; Overview; Fixing based on bug description?)
  • 59. https://www.darkrsw.net http://wwwen.uni.lu/snt/research/serval Hire me! Hiring