The bug report duplication problem: an exploratory study

Duplicate bug report entries in bug trackers have a negative impact on software maintenance and evolution. This is due, among other factors, to the increased time spent on report analysis and validation, which in some cases takes over 20 min. Therefore, a considerable amount of time is lost in duplicate bug report analysis. In order to understand the possible factors that cause bug report duplication and its impact on software development, this paper presents an exploratory study in which bug tracking data from private and open source projects were analyzed. The results show, for example, that all projects we investigated had duplicate bug reports and a considerable amount of time was wasted by this duplication. Furthermore, features such as project lifetime, staff size, and the number of bug reports do not seem to be significant factors for duplication, while others, such as the submitters’ profile and the number of submitters, do seem to influence the bug report duplication.     

基于循环神经网络的缺陷报告分派方法

随着开源软件项目规模的不断增大,人工为缺陷报告分派合适的开发人员（缺陷分派）变得越来越困难.而不合适的缺陷分派往往会严重影响缺陷修复的效率,为此迫切需要一种缺陷分派辅助技术帮助项目管理者更好地完成缺陷分派任务.当前,大部分研究工作都基于缺陷报告文本以及相关元数据信息分析来刻画开发者的特征,忽略了对开发者活跃度的考虑,使得对具有相似特征的开发者进行缺陷报告分派预测时表现较差.本文提出了一个基于循环神经网络的深度学习模型DeepTriage,一方面利用双向循环网络加池化方法提取缺陷报告的文本特征,一方面利用单向循环网络提取特定时刻的开发者活跃度特征,并融合两者,利用已修复的缺陷报告进行监督学习.在Eclipse等四个不同的开源项目数据集上的实验结果表明,DeepTriage较同类工作在缺陷分派预测准确率上有显著提升.     

软件缺陷报告严重性属性分析

软件缺陷报告的严重性对缺陷的解决具有关键作用。随着软件规模的不断扩大,使用开源的软件缺陷跟踪系统成为海量缺陷信息数据的主要处理方法。分析缺陷报告严重性在数据仓库中的作用,是处理软件缺陷的重要内容。通过对Bugzilla缺陷跟踪系统数据的研究和分析,发现不同项目的属性特征差异较大,同时在修复率、解决时长、开发者、组件等属性上的统计特征具有一致性。对Mozilla项目和Eclipse项目的数据进行系统分析,并根据不同组件和项目中严重性程度分布情况,认为软件缺陷报告严重性程度的提升会导致缺陷修复率的提高,同时严重性程度为normal级别的缺陷解决时长最短,开发者持有缺陷的数量越高其修复率越低。     

Automated,highly-accurate,bug assignment using machine learning and tossing graphs

Empirical studies indicate that automating the bug assignment process has the potential to significantly reduce software evolution effort and costs. Prior work has used machine learning techniques to automate bug assignment but has employed a narrow band of tools which can be ineffective in large, long-lived software projects. To redress this situation, in this paper we employ a comprehensive set of machine learning tools and a probabilistic graph-based model (bug tossing graphs) that lead to highly-accurate predictions, and lay the foundation for the next generation of machine learning-based bug assignment. Our work is the first to examine the impact of multiple machine learning dimensions (classifiers, attributes, and training history) along with bug tossing graphs on prediction accuracy in bug assignment. We validate our approach on Mozilla and Eclipse, covering 856,259 bug reports and 21 cumulative years of development. We demonstrate that our techniques can achieve up to 86.09% prediction accuracy in bug assignment and significantly reduce tossing path lengths. We show that for our data sets the Naïve Bayes classifier coupled with product–component features, tossing graphs and incremental learning performs best. Next, we perform an ablative analysis by unilaterally varying classifiers, features, and learning model to show their relative importance of on bug assignment accuracy. Finally, we propose optimization techniques that achieve high prediction accuracy while reducing training and prediction time.     

Watir自规范测试框架在一体化项目测试中的应用

广东省水利业务一体化管理系统是广东省水利数据中心工程（数据中心工程）的重要组成部分,项目具有集成度高、大型、复杂等特点。基于传统的手工测试方法在一体化系统测试工作中严重制约了测试乃至项目研发的效率,通过实践文中提出了一种基于Watir的自规范测试方法,在有效降低一体化系统测试成本、缩短项目开发周期、提高项目研发效率的基础上消除了自动化测试带来的bug重现率降低的问题。该方法具有高效、可靠、稳定、便于实现等优点。     

WebSphere Portal 6.1: an agile development success story

Agile software development techniques are promising to deliver software faster, in better quality, and at a lower cost. Most examples relate to small, co-located teams working on a completely new project, with no legacy. This article focuses on applying Agile methods to a world-wide project with hundreds of developers delivering a market-leading product. In contrast to projects starting from scratch, existing customers have natural demands for support, bug fixes, and new features that focus on their particular needs.     

基于符号执行与模糊测试的混合测试方法

软件测试是保障软件质量的常用方法,如何获得高覆盖率是测试中十分重要且具有挑战性的研究问题.模糊测试与符号执行作为两大主流测试技术已被广泛研究并应用到学术界与工业界中,这两种技术都具有一定的优缺点：模糊测试随机变异生成测试用例并动态执行程序,可以执行并覆盖到较深的分支,但其很难通过变异的方法生成覆盖到复杂条件分支的测试用例.而符号执行依赖约束求解器,可以生成覆盖复杂条件分支的测试用例,但在符号化执行过程中往往会出现状态爆炸问题,因此很难覆盖到较深的分支.有工作已经证明,将符号执行与模糊测试相结合可以获得比单独使用模糊测试或者符号执行更好的效果.分析符号执行与模糊测试的优缺点,提出了一种基于分支覆盖将两种方法结合的混合测试方法——Afleer,结合双方优点从而可以生成具有更高分支覆盖率的测试用例.具体来说,模糊测试（例如AFL）为程序快速生成大量可以覆盖较深分支的测试用例,符号执行（例如KLEE）基于模糊测试的覆盖信息进行搜索,仅为未覆盖到的分支生成测试用例.为了验证Afleer的有效性,选取标准程序集LAVA-M以及实际项目oSIP作为评测对象,以漏洞检测能力以及覆盖能力作为评测指标.实验结果表明：（1）在漏洞检测能力上,Afleer总共可以发现755个漏洞,而AFL仅发现1个;（2）在覆盖能力上,Afleer在标准程序集上以及实际项目中都有不同程度的提升.其中,在oSIP中,Afleer比AFL在分支覆盖率上提高2.4倍,在路径覆盖率上提升6.1倍.除此之外,Afleer在oSIP中还检测出一个新的漏洞.     

融合信息检索和深度模型特征的软件缺陷定位方法

构建自动化的缺陷定位方法能够加快程序员利用缺陷报告定位到复杂软件系统缺陷代码的过程.早期相关研究人员将缺陷定位视为检索任务,通过分析缺陷报告和相关代码构造缺陷特征,并结合信息检索的方法实现缺陷定位.随着深度学习的发展,利用深度模型特征的缺陷定位方法也取得了一定效果.然而,由于深度模型训练的时间成本和耗费资源相对较高,现有基于深度模型的缺陷定位研究方法存在实验搜索空间和真实情况不符的情况.这些研究方法在测试时并没有将项目下的所有代码作为搜索空间,而仅仅搜索了与已有缺陷相关的代码, 例如DNNLOC方法,DeepLocator方法,DreamLoc方法.这种做法和现实中程序员进行缺陷定位的搜索场景是不一致的.致力于模拟缺陷定位的真实场景,本文提出了一种融合信息检索和深度模型特征的TosLoc方法进行缺陷定位.TosLoc方法首先通过信息检索的方式检索真实项目的所有源代码,确保已有特征的充分利用;再利用深度模型挖掘源代码和缺陷报告的语义,获取最终定位结果.通过两阶段的检索,TosLoc方法能够对单个项目的所有代码实现快速缺陷定位.通过在4个常用的真实Java项目上进行实验,本文提出的TosLoc方法能在检索速度和准确性上超越已有基准方法.和最优基准方法DreamLoc相比,TosLoc方法在消耗DreamLoc方法35%的检索时间下,平均MRR值比DreamLoc方法提高了2.5%,平均MAP值提高了6.0%.     

基于代价敏感间隔分布优化的软件缺陷定位

在大型软件项目的开发与维护中,从大量的代码文件中定位软件缺陷费时、费力,有效地进行软件缺陷自动定位,将能极大地降低开发成本.软件缺陷报告通常包含了大量未发觉的软件缺陷的信息,精确地寻找与缺陷报告相关联的代码文件,对于降低维护成本具有重要意义.目前,已有一些基于深度神经网络的缺陷定位技术相对于传统方法,其效果有所提升,但相关工作大多关注网络结构的设计,缺乏对训练过程中损失函数的研究,而损失函数对于预测任务的性能会有极大的影响.在此背景下,提出了代价敏感的间隔分布优化（cost-sensitive margin distribution optimization,简称CSMDO）损失函数,并将代价敏感的间隔分布优化层应用到深度卷积神经网络中,能够良好地处理软件缺陷数据的不平衡性,进一步提高缺陷定位的准确度.     

一种融合D_BBAS方法的重复缺陷报告检测

重复缺陷报告的自动化检测可以减少开发冗余和维护成本,最近重复缺陷报告的检测倾向于利用深度神经网络,并考虑结构化和非结构化信息来生成混合表示特征。为了更有效获得缺陷报告的非结构化信息的特征,提出一种D_BBAS（Doc2vec and BERT BiLSTM-attention similarity）方法,它基于大规模缺陷报告库训练特征提取模型,生成能反映深层次语义信息的缺陷摘要文本表示集和缺陷描述文本表示集;利用这两个分布式的表示集计算出缺陷报告对的相似度,从而得到两个新的相似度特征;这两个新特征将与基于结构化信息生成的传统特征结合后参与重复缺陷报告的检测。在著名开源项目Eclipse、NetBeans 和Open Office的缺陷报告库上验证了D_BBAS方法的有效性,其中包含超过50万个缺陷报告。实验结果表明,相比于代表性方法,该方法的F1值平均提升了1.7%,证明了D_BBAS方法的有效性。     

Extensions to the repetitive branch and bound algorithm for globally optimal clusterwise regression

A branch and bound strategy is proposed for solving the clusterwise regression problem, extending Brusco's repetitive branch and bound algorithm (RBBA). The resulting strategy relies upon iterative heuristic optimization, new ways of observation sequencing, and branch and bound optimization of a limited number of ending subsets. These three key features lead to significantly faster optimization of the complete set and the strategy has more general applications than only for clusterwise regression. Additionally, an efficient implementation of incremental calculations within the branch and bound search algorithm eliminates most of the redundant ones. Experiments using both real and synthetic data compare the various features of the proposed optimization algorithm and contrasts them against a benchmark mixed logical-quadratic programming formulation optimized by CPLEX. The results indicate that all components of the proposed algorithm provide significant improvements in processing times, and, when combined, generally provide the best performance, significantly outperforming CPLEX.     

WebSphere Portal 6.1: an agile development success story

Agile software development techniques are promising to deliver software faster, in better quality, and at a lower cost. Most examples relate to small, co-located teams working on a completely new project, with no legacy. This article focuses on applying Agile methods to a world-wide project with hundreds of developers delivering a market-leading product.In contrast to projects starting from scratch, existing customers have natural demands for support, bug fixes, and new features that focus on their particular needs.This article provides an overview of the most important Agile software development methods in addition to presenting ideas and solutions on how to apply Agile ideas to a large, existing product or solution. Important aspects that should be considered while deciding on what the Agile setup for your next software project should look like are explained.     

版本失配和数据泄露对基于缺陷报告的缺陷定位模型的影响

为了降低缺陷定位过程中的人力成本,研究者们在缺陷报告的基础上提出了许多基于信息检索的缺陷定位模型,包括使用传统特征和使用深度学习特征进行建模的定位模型.在评价不同缺陷定位模型时设计的实验中,现有研究大多忽视了缺陷报告所属的版本与目标源代码的版本之间存在的“版本失配”问题或/和在训练和测试模型时缺陷报告的时间顺序所引发的“数据泄露”问题.致力于报告现有模型在更加真实的应用场景下的性能表现,并分析版本失配和数据泄露问题对评估各模型真实性能产生的影响.选取6个使用传统特征的定位模型(BugLocator、BRTracer、BLUiR、AmaLgam、BLIA、Locus)和1个使用深度学习特征的定位模型(CodeBERT)作为研究对象.在5个不同实验设置下基于8个开源项目进行系统性的实证分析.首先, CodeBERT模型直接应用于缺陷定位效果并不理想,其定位的准确率依赖于目标项目的版本数目和源代码规模.其次,版本匹配设置下使用传统特征的定位模型在平均准确率均值(MAP)、平均序位倒数均值(MRR)两个指标上比版本失配实验设置下最高可以提高47.2%和46.0%, CodeBERT模型的效果也...     

The Y2K Boon to is and Business

Many have predicted that if the millennium bug crashes computers, the economic repercussions will be negative and severe. But those companies that have made their systems Y2K-compliant have realized many positive side effects that have made them more competitive and perform better.     

ChangeLocator: locate crash-inducing changes based on crash reports

Software crashes are severe manifestations of software bugs. Debugging crashing bugs is tedious and time-consuming. Understanding software changes that induce a crashing bug can provide useful contextual information for bug fixing and is highly demanded by developers. Locating the bug inducing changes is also useful for automatic program repair, since it narrows down the root causes and reduces the search space of bug fix location. However, currently there are no systematic studies on locating the software changes to a source code repository that induce a crashing bug reflected by a bucket of crash reports. To tackle this problem, we first conducted an empirical study on characterizing the bug inducing changes for crashing bugs (denoted as crash-inducing changes). We also propose ChangeLocator, a method to automatically locate crash-inducing changes for a given bucket of crash reports. We base our approach on a learning model that uses features originated from our empirical study and train the model using the data from the historical fixed crashes. We evaluated ChangeLocator with six release versions of Netbeans project. The results show that it can locate the crash-inducing changes for 44.7%, 68.5%, and 74.5% of the bugs by examining only top 1, 5 and 10 changes in the recommended list, respectively. It significantly outperforms the existing state-of-the-art approach.     

Debugging‐workflow‐aware software reliability growth analysis

Software reliability growth models support the prediction/assessment of product quality, release time, and testing/debugging cost. Several software reliability growth model extensions take into account the bug correction process. However, their estimates may be significantly inaccurate when debugging fails to fully fit modelling assumptions. This paper proposes debugging‐workflow‐aware software reliability growth method (DWA‐SRGM), a method for reliability growth analysis leveraging the debugging data usually managed by companies in bug tracking systems. On the basis of a characterization of the debugging workflow within the software project under consideration (in terms of bug features and treatment phases), DWA‐SRGM pinpoints the factors impacting the estimates and to spot bottlenecks, thus supporting process improvement decisions. Two industrial case studies are presented, a customer relationship management system and an enterprise resource planning system, whose defects span a period of about 17 and 13 months, respectively. DWA‐SRGM revealed effective to obtain more realistic estimates and to capitalize on the awareness of critical factors for improving debugging.     

On the unreliability of bug severity data

Severity levels, e.g., critical and minor, of bugs are often used to prioritize development efforts. Prior research efforts have proposed approaches to automatically assign the severity label to a bug report. All prior efforts verify the accuracy of their approaches using human-assigned bug reports data that is stored in software repositories. However, all prior efforts assume that such human-assigned data is reliable. Hence a perfect automated approach should be able to assign the same severity label as in the repository – achieving a 100% accuracy. Looking at duplicate bug reports (i.e., reports referring to the same problem) from three open-source software systems (OpenOffice, Mozilla, and Eclipse), we find that around 51 % of the duplicate bug reports have inconsistent human-assigned severity labels even though they refer to the same software problem. While our results do indicate that duplicate bug reports have unreliable severity labels, we believe that they send warning signals about the reliability of the full bug severity data (i.e., including non-duplicate reports). Future research efforts should explore if our findings generalize to the full dataset. Moreover, they should factor in the unreliable nature of the bug severity data. Given the unreliable nature of the severity data, classical metrics to assess the accuracy of models/learners should not be used for assessing the accuracy of approaches for automated assigning severity label. Hence, we propose a new approach to assess the performance of such models. Our new assessment approach shows that current automated approaches perform well – 77-86 % agreement with human-assigned severity labels.     

Icola — Incremental Constraint-Based Graphics for Visualization

Visualization is valuable in monitoring and debugging programs. The goal of the Wand research project at the University of Saskatchewan is to provide both a framework and tools for rapid development of visualization aids for logic programming languages. The ICOLA (Incremental Constraint-based Object Layout Algorithm) system is the newest graphics facility within Wand. ICOLA positions graphical objects according to object declarations and constraints specifying relative positional relationships among the objects. Three important features of ICOLA are that it is capable of creating reasonable pictures from highly under-constrained specifications, it uses an incremental constraint solution algorithm and hence generates those pictures efficiently, and it supports incremental (i.e. progressive) insertions and deletions of objects and constraints. The ability of the incremental algorithm to support such deletions is particularly noteworthy. This paper describes: PDI, the language supported by ICOLA; the incremental constraint solution algorithm itself; a successful implementation in Prolog and C; and results of a performance evaluation of the implementation.     

基于知识图谱的跨项目安全缺陷报告预测方法

安全缺陷报告可以描述软件产品中的安全关键漏洞.为了消除软件产品的安全攻击风险,安全缺陷报告(security bug report, SBR)预测越来越受到研究人员的关注.但在实际软件开发场景中,需要进行软件安全漏洞预测的项目可能是来自新公司或属于新启动的项目,没有足够的已标记安全缺陷报告供在实践中构建此软件安全漏洞预测模型.一种简单的解决方案就是使用迁移模型,即利用其他项目已经标记过的数据来构建预测模型.受到该领域最近的两项研究工作的启发,以安全关键字过滤为思路提出一种融合知识图谱的跨项目安全缺陷报告预测方法KG-SBRP (knowledge graph of security bug report prediction).使用安全缺陷报告中的文本信息域结合CWE(common weakness enumeration)与CVE Details (common vulnerabilities and exposures)共同构建三元组规则实体,以三元组规则实体构建安全漏洞知识图谱,在图谱中结合实体及其关系识别安全缺陷报告.将数据分为训练集和测试集进行模型拟合和性能评估.所构建的模型...