Yingnong Dang,Dongmei Zhang,Song Ge,Chengyun Chu,Yingjun Qiu,Tao Xie

DOI: https://doi.org/10.1145/2420950.2421004

2012-01-01

Abstract:During software development, engineers often reuse a code fragment via copy-and-paste with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large codebases. Detecting code clones has been shown to be useful towards security such as detection of similar security bugs and, more generally, quality improvement such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool supports for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection, called XIAO. XIAO has been integrated into Microsoft Visual Studio 2012, to be benefiting a huge number of developers in industry. The main success factors of XIAO include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present the XIAO approach with emphasis on these success factors of XIAO. We also present empirical results on applying XIAO on real scenarios within Microsoft for the tasks of security-bug detection and refactoring.

Qiu-Yuan CHEN,Shan-Ping LI,Meng YAN,Xin XIA

DOI: https://doi.org/10.13328/j.cnki.jos.005711

2019-01-01

Journal of Software

Abstract:Code clone refers to more than two duplicate or similar code fragments existing in a software system. Code clone is a common phenomenon during software development which can facilitate development and has positive impacts on software system. However, research shows that code clone will also do harm to the development and maintenance of software system, including but not limited to the decline of stability, redundancy of source code repository and propagation of software defects. Code clone is one of the most active research areas in software engineering. Therefore, various detection techniques are proposed to automatically detect code clone in software systems, which help improve software quality. There are a lot of achievements in this area, and these techniques can be categorized to text-based, lexisbased, syntax-based and semantic-based categories. Current techniques have obtained effective results in text-based clone detection, but still challenges in detecting other types of code clone. More advanced and unified theoretic and technical guidelines are needed to improve code clone detection techniques. Therefore, in this paper, we present a literature review for code detection especially from the perspective of source code representation. In summary, the contributions of this paper are: (1) We conclude and classify current code clone detection techniques from the perspective of code representation; (2) We conclude the model validation and performance measures in model evaluation; and (3) We summarize the key issues of code clone research from three aspects: scientific, practical and technical difficulties. We elaborate on the possible solutions to the problems and the future development of the research, focusing on data annotation, characteri zation methods, model construction and engineering practice.

Gang Zhang,Xin Peng,Zhenchang Xing,Wenyun Zhao

DOI: https://doi.org/10.1109/icsm.2012.6405284

2012-01-01

Abstract:Code clones are similar code segments. Researchers have proposed many techniques to detect, understand and eliminate code clones. However, due to lack of deeper understanding of reasons of cloning practices, especially from personal and organizational perspectives, little effective support can be provided to alleviate maintenance problems caused by code clones. In this paper, we report an industrial study on investigating reasons of cloning practices in large-scale software development from technical, personal, and organizational perspectives. Our study involves code analysis, questionnaire survey, and interviews with developers, and gathers solid empirical data about how developers clone and why during different phases of clones' lifecycle in industrial development. The results of our study suggest that cloning is not simply a technical issue; it must be interpreted and understood in larger context in which code clones occur and evolve. Within these contexts, there are several adjustable factors and two critical points that affect the introduction, existence, and removal of clones. These adjustable factors and critical points reveal opportunities to improve cloning practices in industrial development from technical, personal, and organizational perspectives.

Tao Xie

DOI: https://doi.org/10.1109/AST.2017.10

2017-01-01

Abstract:Achieving successful technology adoption in practice has often been an important goal for both academic and industrial researchers. However, it is generally challenging to transfer research results into industrial products or into tools that are widely adopted. What are the key factors that lead to practical impact for a research project? This talk presents experiences and lessons learned in successfully transferring tools from two testing projects as collaborative efforts between the academia and industry. In the Pex project (research.microsoft.com/pex) [3], nearly a decade's collaborative efforts between Microsoft Research and academia have led to high-impact tools that are now shipped by Microsoft and adopted by the community. These tools include Fakes [2], a test isolation framework shipped with Visual Studio 2012/2013; IntelliTest, an automatic test generation tool shipped with Visual Studio 2015; and Code Hunt (www.codehunt.com) [1] (evolved from Pex4Fun [4]), a popular serious gaming platform for coding contests and practicing programming skills, which has attracted 350,000+ players from May 2014 to August 2016, and has been adopted in large-scale Microsoft Imagine Cup and Beauty of Programming contests. In the WeChat testing project, recent collaborative efforts [5], [6] between Tencent and academia have developed effective techniques for testing Android apps, by improving Google's Monkey, a popularly used Android testing tool in industry. The developed techniques have been applied to test WeChat, one of world's most popular messenger apps with over 800 million monthly active users.

Xin Xia,David Lo,Feng Zhu,Xinyu Wang,Bo Zhou

DOI: https://doi.org/10.1109/iceccs.2013.40

2013-01-01

Abstract:Software internationalization and localization are important steps in distributing and deploying software to different regions of the world. Internationalization refers to the process of reengineering a system such that it could support various languages and regions without further modification. Localization refers to the process of adapting an internationalized software for a specific language or region. Due to various reasons, many large legacy systems did not consider internationalization and localization at the early stage of development. In this paper, we present our experience on, and propose a process along with tool supports for software internationalization and localization. We reengineer a large legacy commercial financial system called PAM of State Street Corporation, which is written in C/C++, containing 30 different modules, and more than 5 millions of lines of source code. We propose a source code ranker that recovers important source code to be analyzed. Based on this code, we extract general patterns of the source code that need to be reengineered for internationalization. We divide the patterns into 2 categories: convertible patterns and suspicious patterns. To locate the source code that need to be modified, we develop an automated tool I18nLocator, that consumes these patterns and outputs the locations that match the patterns. The source codes matching the convertible patterns are automatically converted, and those matching the suspicious patterns are converted by developers considering the context of the corresponding codes. For localization, we extract hard-coded strings, translate them, and store them into resource data files. Out of the 504 thousands of lines of source code that are modified using our proposed approach, we can automatically modify 79.76% of them, saving much valuable developers' time. The quality of the resultant system is also good. The number of bugs per lines of code modified found during user acceptance test and deployment to the production environment is 0.000218 bugs/LOC.

Wahidur Rahman,Yisen Xu,Fan Pu,Jifeng Xuan,Xiangyang Jia,Michail Basios,Leslie Kanthan,Lingbo Li,Fan Wu,Baowen Xu

DOI: https://doi.org/10.48550/arXiv.2204.04247

2022-04-09

Abstract:Code clones are identical or similar code segments. The wide existence of code clones can increase the cost of maintenance and jeopardise the quality of software. The research community has developed many techniques to detect code clones, however, there is little evidence of how these techniques may perform in industrial use cases. In this paper, we aim to uncover the differences when such techniques are applied in industrial use cases. We conducted large scale experimental research on the performance of two state-of-the-art code clone detection techniques, SourcererCC and AutoenCODE, on both open source projects and an industrial project written in the Scala language. Our results reveal that both algorithms perform differently on the industrial project, with the largest drop in precision being 30.7\%, and the largest increase in recall being 32.4\%. By manually labelling samples of the industrial project by its developers, we discovered that there are substantially less Type-3 clones in the aforementioned project than that in the open source projects.

Software Engineering

Kechao Wang,Chenguang Zhu,Tiantian Wang,Xiaohong Su

DOI: https://doi.org/10.3969/j.issn.1001-3695.2017.03.025

2017-01-01

Abstract:Most existing clone detection tools only output the detection results in the form of clone sets,lacking clone analysis.To solve this problem,this paper proposed a key clone recognition approach.The approach could analysis the clones which decreased the quality of software.Firstly,this approach defined a unified clone representation form to support the analysis of various clone detection tools.Then,the approach analysed the source code and clone detection results to detect identifier renaming inconsistent clones,which were potential bugs.Next,the approach detected the clones diffusing in various functional different files,which might decrease the maintainability of software.Finally,the approach visually analysed the detection results.The proposed analysis tool analyzed the open source code httpd,which detected 1 identifier renaming inconsistent clone,and 44 clones diffusing in various functional different files.The experimental results show that it can facilitate the analysis and maintenance of code clones.

Yun Lin,Zhenchang Xing,Yinxing Xue,Yang Liu,Xin Peng,Jun Sun,Wenyun Zhao

DOI: https://doi.org/10.1145/2568225.2568298

2014-01-01

Abstract:Clone detectors find similar code fragments (i.e., instances of code clones) and report large numbers of them for industrial systems. To maintain or manage code clones, developers often have to investigate differences of multiple cloned code fragments. However,existing program differencing techniques compare only two code fragments at a time. Developers then have to manually combine several pairwise differencing results. In this paper, we present an approach to automatically detecting differences across multiple clone instances. We have implemented our approach as an Eclipse plugin and evaluated its accuracy with three Java software systems. Our evaluation shows that our algorithm has precision over 97.66% and recall over 95.63% in three open source Java projects. We also conducted a user study of 18 developers to evaluate the usefulness of our approach for eight clone-related refactoring tasks. Our study shows that our approach can significantly improve developers’performance in refactoring decisions, refactoring details, and task completion time on clone-related refactoring tasks. Automatically detecting differences across multiple clone instances also opens opportunities for building practical applications of code clones in software maintenance, such as auto-generation of application skeleton, intelligent simultaneous code editing.

Xunhui Zhang,Tao Wang,Yue Yu,Yanzhi Zhang,Yan Zhong,Huaimin Wang

DOI: https://doi.org/10.48550/arXiv.2202.08497

2022-02-17

Software Engineering

Abstract:The application of code clone technology accelerates code search, improves code reuse efficiency, and assists in software quality assessment and code vulnerability detection. However, the application of code clones also introduces software quality issues and increases the cost of software maintenance. As an important research field in software engineering, code clone has been extensively explored and studied by researchers, and related studies on various sub-research fields have emerged, including code clone detection, code clone evolution, code clone analysis, etc. However, there lacks a comprehensive exploration of the entire field of code clone, as well as an analysis of the trend of each sub-research field. This paper collects related work of code clones in the past ten years. In summary, the contributions of this paper mainly include: (1) summarize and classify the sub-research fields of code clone, and explore the relative popularity and relation of these sub-research fields; (2) analyze the overall research trend of code clone and each sub-research field; (3) compare and analyze the difference between academy and industry regarding code clone research; (4) construct a network of researchers, and excavate the major contributors in code clone research field; (5) The list of popular conferences and journals was statistically analyzed. The popular research directions in the future include clone visualization, clone management, etc. For the clone detection technique, researchers can optimize the scalability and execution efficiency of the method, targeting particular clone detection tasks and contextual environments, or apply the technology to other related research fields continuously.

Nikolai Tillmann,Jonathan de Halleux,Tao Xie

DOI: https://doi.org/10.1145/2642937.2642941

2014-01-01

Abstract:ABSTRACTProducing industry impacts has been an important, yet challenging task for the research community. In this paper, we report experiences on successful technology transfer of Pex and its relatives (tools derived from or associated with Pex) from Microsoft Research and lessons learned from more than eight years of research efforts by the Pex team in collaboration with academia. Moles, a tool associated with Pex, was shipped as Fakes with Visual Studio since August 2012, benefiting a huge user base of Visual Studio around the world. The number of download counts of Pex and its lightweight version called Code Digger has reached tens of thousands within one or two years. Pex4Fun (derived from Pex), an educational gaming website released since June 2010, has achieved high educational impacts, reflected by the number of clicks of the "Ask Pex!" button (indicating the attempts made by users to solve games in Pex4Fun) as over 1.5 million till July 2014. Evolved from Pex4Fun, the Code Hunt website has been used in a very large programming competition. In this paper, we discuss the technology background, tool overview, impacts, project timeline, and lessons learned from the project. We hope that our reported experiences can inspire more high-impact technology-transfer research from the research community.

Nikolai Tillmann,Jonathan de Halleux,Tao Xie

DOI: https://doi.org/10.1145/2642937.2642941

2014-01-01

Abstract:Producing industry impacts has been an important, yet challenging task for the research community. In this paper, we report experiences on successful technology transfer of Pex and its relatives (tools derived from or associated with Pex) from Microsoft Research and lessons learned from more than eight years of research efforts by the Pex team in collaboration with academia. Moles, a tool associated with Pex, was shipped as Fakes with Visual Studio since August 2012, benefiting a huge user base of Visual Studio around the world. The number of download counts of Pex and its lightweight version called Code Digger has reached tens of thousands within one or two years. Pex4Fun (derived from Pex), an educational gaming website released since June 2010, has achieved high educational impacts, reflected by the number of clicks of the "Ask Pex!" button (indicating the attempts made by users to solve games in Pex4Fun) as over 1.5 million till July 2014. Evolved from Pex4Fun, the Code Hunt website has been used in a very large programming competition. In this paper, we discuss the technology background, tool overview, impacts, project timeline, and lessons learned from the project. We hope that our reported experiences can inspire more high-impact technology-transfer research from the research community.

Gang Zhang,Xin Peng,Zhenchang Xing,Shihai Jiang,Hai Wang,Wenyun Zhao

DOI: https://doi.org/10.1109/ASE.2013.6693107

2013-01-01

Abstract:Effective clone management is essential for developers to recognize the introduction and evolution of code clones, to judge their impact on software quality, and to take appropriate measures if required. Our previous study shows that cloning practice is not simply a technical issue. It must be interpreted and considered in a larger context from technical, personal, and organizational perspectives. In this paper, we propose a contextual and on-demand code clone management approach called CCEvents (Code Cloning Events). Our approach provides timely notification about relevant code cloning events for different stakeholders through continuous monitoring of code repositories. It supports on-demand customization of clone monitoring strategies in specific technical, personal, and organizational contexts using a domain-specific language. We implemented the proposed approach and conducted an empirical study with an industrial project. The results confirm the requirements for contextual and on-demand code clone management and show the effectiveness of CCEvents in providing timely code cloning notifications and in helping to achieve effective clone management.

Simon Thompson,Huiqing Li,Andreas Schumacher

DOI: https://doi.org/10.22152/programming-journal.org/2017/1/8

2017-03-31

Abstract:The occurrence of similar code, or `code clones', can make program code difficult to read, modify and maintain. This paper describes industrial case studies of clone detection and elimination using a refactoring and clone detection tool. We discuss how the studies have informed the design of the tool; more importantly, we use the studies to illustrate the complex set of decisions that have to be taken when performing clone elimination in practice. The case studies were performed in collaboration with engineers from Ericsson AB, and used the refactoring tool Wrangler for Erlang. However, the conclusions we draw are largely language-independent, and set out the pragmatics of clone detection and elimination in real-world projects as well as design principles for clone detection decision-support tools.

Software Engineering,Programming Languages

Hannes Thaller,Rudolf Ramler,Josef Pichler,Alexander Egyed

DOI: https://doi.org/10.1109/ETFA.2017.8247574

2017-06-13

Abstract:The reuse of code fragments by copying and pasting is widely practiced in software development and results in code clones. Cloning is considered an anti-pattern as it negatively affects program correctness and increases maintenance efforts. Programmable Logic Controller (PLC) software is no exception in the code clone discussion as reuse in development and maintenance is frequently achieved through copy, paste, and modification. Even though the presence of code clones may not necessary be a problem per se, it is important to detect, track and manage clones as the software system evolves. Unfortunately, tool support for clone detection and management is not commonly available for PLC software systems or limited to generic tools with a reduced set of features. In this paper, we investigate code clones in a real-world PLC software system based on IEC 61131-3 Structured Text and C/C++. We extended a widely used tool for clone detection with normalization support. Furthermore, we evaluated the different types and natures of code clones in the studied system and their relevance for refactoring. Results shed light on the applicability and usefulness of clone detection in the context of industrial automation systems and it demonstrates the benefit of adapting detection and management tools for IEC 611313-3 languages.

Software Engineering

Yue Yuan,Fanlong Zhang,Xiaohong Su,TiantianWang

DOI: https://doi.org/10.1109/ICISCE.2016.63

2016-01-01

Abstract:Code clones have both negative and positive impacts on softwares. Researchers have proposed lots of detection tools to find clones from softwares. However, the information in detection results is not enough to help developers understand and maintain clones. Therefore, we design and implement a clone analysis tool, named CloneAyz, to aid developers to analyze and understand clones. CloneAyz can parse detection results of different tools automatically, and represent code clones in a unified form, which contains information about clone evolution and some clone metrics we extracted in order to improve clone analysis efficiency. We evaluate our tool on three open-source Java projects, and the results show that CloneAyz can help developers analyze and understand clones effectively. CloneAyz can also give some contributions for developers on clone maintenance, such as clone refactoring.

Yueming Wu,Deqing Zou,Shihan Dou,Siru Yang,Wei Yang,Feng Cheng,Liang Hong,Hai Jin

DOI: https://doi.org/10.1145/3324884.3416562

2020-01-01

Abstract:Code clone detection is to find out code fragments with similar functionalities, which has been more and more important in software engineering. Many approaches have been proposed to detect code clones, in which token-based methods are the most scalable but cannot handle semantic clones because of the lack of consideration of program semantics. To address the issue, researchers conduct program analysis to distill the program semantics into a graph representation and detect clones by matching the graphs. However, such approaches suffer from low scalability since graph matching is typically time-consuming.

Shihan Dou,Junjie Shan,Haoxiang Jia,Wenhao Deng,Zhiheng Xi,Wei He,Yueming Wu,Tao Gui,Yang Liu,Xuanjing Huang

2023-08-06

Abstract:Code cloning, the duplication of code fragments, is common in software development. While some reuse aids productivity, excessive cloning hurts maintainability and introduces bugs. Hence, automatic code clone detection is vital. Meanwhile, large language models (LLMs) possess diverse code-related knowledge, making them versatile for various software engineering challenges. However, LLMs' performance in code clone detection is unclear and needs more study for accurate assessment. In this paper, we provide the first comprehensive evaluation of LLMs for clone detection, covering different clone types, languages, and prompts. We find advanced LLMs excel in detecting complex semantic clones, surpassing existing methods. Adding intermediate reasoning steps via chain-of-thought prompts noticeably enhances performance. Additionally, representing code as vector embeddings, especially with text encoders, effectively aids clone detection.Lastly, the ability of LLMs to detect code clones differs among various programming languages. Our study suggests that LLMs have potential for clone detection due to their language capabilities, offering insights for developing robust LLM-based methods to enhance software engineering.

Software Engineering

Junaid Akram,Zhendong Shi,Majid Mumtaz,Ping Luo

DOI: https://doi.org/10.18293/seke2018-117

2018-01-01

Abstract:Code clone detection is a very hot topic in the field of software maintenance, reuseability and security.There is still a lack of techniques to detect near-miss clones at different level of granularities, especially in big code.This paper presents Distributed Code Clone Detection (DCCD) technique, which detects clones from big code bases based on feature extraction.We performed preprocessing, indexing and clone detection for almost 27 TB of source code (324 billion LOC), DCCD is quite faster and efficient as compared to existing distributed indexing and clone detection techniques, i.e. 36 times faster than Benjamin technique, which is 86 times faster than CCFinder.These two techniques are also distributed and just detect Type-1 and Type-2 clones, but our technique DCCD even detects Type-3 clones, efficiently.Our approach is faster, flexible, scalable and provides 87% accurate results with authenticity, ease of accessibility, upgradeability and maintainability.

Xiao-Hong SU,Fan-Long ZHANG

DOI: https://doi.org/10.11897/SP.J.1016.2018.00628

2018-01-01

Abstract:Software reuse is a common technology in software development which would introduce amount of code clones into the software.The existence of code clones increases the cost of software maintenance.The request for code clone maintenance given birth to a series of researches,such as the detection,analysis,maintenance of code clones.Concretely,clone detection aims to help developer collect all the code clones from software repository,clone analysis aims to help developer understand the presence of code clones as well as the impact to the software,and clone maintenance aims to help developers solve the problems caused by code clones.Though the researches have been launched much,the key problems of clone maintenance,i.e.the complexity and high cost of clone maintenance have not been solved effectively.To reduce the cost of software maintenance and improve the maintainability of the software,the management of code clones is imperative.However,the current studies on code clones are independent of each other.And unfortunately,the current clone management methods are not associated with the development process of the software,accordingly,the complexity of clone maintenance cannot be handled well.In this paper,we make a survey of the state-of-art achievements in the code clone researches.Firstly,we analyze the hotspots and trends of clone research,and find that clone detection and analysis were the hotspot research in the past,and the clone maintenance and clone management will become the hotspot research in the future.After that,we investigate all the clone researches from the different perspectives including clone definition,clone representation,clone detection,clone analysis and clone maintenance.Then,we analyze the current research status of clone management,and focus on the relationship among these researches.We also point out the shortage and the difficulties of current clone management methods from the point of view on clone management.We believe that clone management should combine with clone detection,analysis,maintenance as well as the software development process so as to effectively reduce the cost for maintaining clones at the software development phase.Yet,it will also undoubtedly increase the difficulty for clone management.To this end,in section of the future research prospects,we propose an approach of clone management that orienting to software development process,which aims to maintain and manage code clones along with software development process through combining clone detection,clone analysis,clone maintenance.In our approach,we believe that the clone representation and clone evaluation will be the key point in clone management.Finally,we discuss the directions and trends of future research.Clone management has brought new vitality to code clone research,which has aroused widely attention from both academia and industry,and it is significant in improving the maintainability,comprehensibility and quality of the software.

Yikun Hu,Yuanyuan Zhang,Juanru Li,Hui Wang,Bodong Li,Dawu Gu

DOI: https://doi.org/10.48550/arXiv.1808.06216

2018-08-19

Abstract:Binary code clone analysis is an important technique which has a wide range of applications in software engineering (e.g., plagiarism detection, bug detection). The main challenge of the topic lies in the semantics-equivalent code transformation (e.g., optimization, obfuscation) which would alter representations of binary code tremendously. Another chal- lenge is the trade-off between detection accuracy and coverage. Unfortunately, existing techniques still rely on semantics-less code features which are susceptible to the code transformation. Besides, they adopt merely either a static or a dynamic approach to detect binary code clones, which cannot achieve high accuracy and coverage simultaneously. In this paper, we propose a semantics-based hybrid approach to detect binary clone functions. We execute a template binary function with its test cases, and emulate the execution of every target function for clone comparison with the runtime information migrated from that template function. The semantic signatures are extracted during the execution of the template function and emulation of the target function. Lastly, a similarity score is calculated from their signatures to measure their likeness. We implement the approach in a prototype system designated as BinMatch which analyzes IA-32 binary code on the Linux platform. We evaluate BinMatch with eight real-world projects compiled with different compilation configurations and commonly-used obfuscation methods, totally performing over 100 million pairs of function comparison. The experimental results show that BinMatch is robust to the semantics-equivalent code transformation. Besides, it not only covers all target functions for clone analysis, but also improves the detection accuracy comparing to the state-of-the-art solutions.

Software Engineering