Research Article
DOI: 10.1145/2568225.2568269

Comparing static bug finders and statistical prediction

Published: 31 May 2014

Abstract

The all-important goal of delivering better software at lower cost has led to a vital, enduring quest for ways to find and remove defects efficiently and accurately. To this end, two parallel lines of research have emerged over the years. Static analysis seeks to find defects using algorithms that process well-defined semantic abstractions of code. Statistical defect prediction uses historical data to estimate parameters of statistical formulae modeling the phenomena thought to govern defect occurrence, and to predict where defects are likely to occur. These two approaches have emerged from distinct intellectual traditions and have largely evolved independently, in “splendid isolation”. In this paper, we evaluate these two (largely) disparate approaches on a similar footing. We use historical defect data to appraise the two approaches, compare them, and seek synergies. We find that under some accounting principles they provide comparable benefits; we also find that in some settings the performance of certain static bug finders can be enhanced using information provided by statistical defect prediction.
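
To make the statistical side concrete: one common setup in this literature (the specifics below are illustrative, not the paper's actual models or data) fits a classifier to historical per-file process metrics, labeled by whether a defect was later fixed in each file, and then ranks the files of a new release by predicted risk. The following minimal Python sketch also illustrates the kind of synergy the abstract alludes to, namely using prediction scores to prioritize the warnings a static bug finder emits. All file names, metrics, and warnings here are invented.

    # Hypothetical sketch: a file-level defect predictor whose scores are
    # used to rank static-analysis warnings. Metric choices, data, and the
    # bug-finder output are invented for illustration only.
    from sklearn.linear_model import LogisticRegression

    # Historical per-file process metrics: [commits, distinct authors,
    # lines changed], labeled 1 if a post-release defect was later fixed
    # in that file.
    X_train = [[12, 3, 450], [2, 1, 30], [25, 6, 1200], [1, 1, 10]]
    y_train = [1, 0, 1, 0]
    model = LogisticRegression().fit(X_train, y_train)

    # Score the defect-proneness of each file in a new release.
    files = {"parser.c": [18, 4, 800], "util.c": [3, 1, 40]}
    risk = {f: model.predict_proba([m])[0][1] for f, m in files.items()}

    # Warnings emitted by some static bug finder (invented examples).
    warnings = [("util.c", "unused variable, line 9"),
                ("parser.c", "possible null dereference, line 112")]

    # The synergy explored in the paper: surface warnings in files the
    # statistical model deems most defect-prone first.
    for f, msg in sorted(warnings, key=lambda w: -risk[w[0]]):
        print(f"{risk[f]:.2f}  {f}: {msg}")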

Information

Published In

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering
May 2014
1139 pages
ISBN: 9781450327565
DOI: 10.1145/2568225

In-Cooperation

  • TCSE: IEEE Computer Society's Technical Council on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 May 2014

Author Tags

  1. Empirical Research
  2. Empirical Software Engineering
  3. Fault Prediction
  4. Inspection
  5. Software Quality

Qualifiers

  • Research-article

Conference

ICSE '14

Acceptance Rates

Overall acceptance rate: 276 of 1,856 submissions (15%)

Cited By

  • An Extensive Comparison of Static Application Security Testing Tools. Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering, pp. 69–78, 18 Jun 2024. DOI: 10.1145/3661167.3661199
  • Development of Partial Least Squares Regression with Discriminant Analysis for Software Bug Prediction. Heliyon, article e35045, Jul 2024. DOI: 10.1016/j.heliyon.2024.e35045
  • Parameter tuning for software fault prediction with different variants of differential evolution. Expert Systems with Applications, 237:121251, Mar 2024. DOI: 10.1016/j.eswa.2023.121251
  • When less is more: on the value of “co-training” for semi-supervised software defect predictors. Empirical Software Engineering, 29(2), 24 Feb 2024. DOI: 10.1007/s10664-023-10418-4
  • Predicting Software Faults Using Machine Learning Techniques: An Empirical Study. Data Science and Big Data Analytics, pp. 223–237, 17 Mar 2024. DOI: 10.1007/978-981-99-9179-2_17
  • Assessing the Early Bird Heuristic (for Predicting Project Quality). ACM Transactions on Software Engineering and Methodology, 32(5):1–39, 24 Jul 2023. DOI: 10.1145/3583565
  • Code-line-level Bugginess Identification: How Far have We Come, and How Far have We Yet to Go? ACM Transactions on Software Engineering and Methodology, 32(4):1–55, 27 May 2023. DOI: 10.1145/3582572
  • A Systematic Survey of Just-in-Time Software Defect Prediction. ACM Computing Surveys, 55(10):1–35, 2 Feb 2023. DOI: 10.1145/3567550
  • The Side-channel Metrics Cheat Sheet. ACM Computing Surveys, 55(10):1–38, 2 Feb 2023. DOI: 10.1145/3565571
  • Explainable Goal-driven Agents and Robots - A Comprehensive Review. ACM Computing Surveys, 55(10):1–41, 2 Feb 2023. DOI: 10.1145/3564240
