Meng Yan,Xin Xia,Yuanrui Fan,Ahmed E. Hassan,David Lo,Shanping Li

DOI: https://doi.org/10.1109/tse.2020.2978819

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Defect localization aims to locate buggy program elements (e.g., buggy files, methods or lines of code) based on defect symptoms, e.g., bug reports or program spectrum. However, when we receive the defect symptoms, the defect has been exposed and negative impacts have been introduced. Thus, one challenging task is: whether we can locate buggy program prior to the appearance of the defect symptom (e.g., when buggy program elements are being committed to a version control system). We refer to this type of defect localization as “Just-In-Time (JIT) Defect localization”. Although many prior studies have proposed various JIT defect identification methods to identify whether a new change is buggy, these prior methods do not locate the suspicious positions. Thus, JIT defect localization is the next step of JIT defect identification (i.e., after a buggy change is identified, suspicious source code lines are located). To address this problem, we propose a two-phase framework, i.e., JIT defect identification and JIT defect localization. Given a new change, JIT defect identification will identify it as buggy change or clean change first. If a new change is identified as buggy, JIT defect localization will rank the source code lines introduced by the new change according to their suspiciousness scores. The source code lines ranked at the top of the list are estimated as the defect location. For JIT defect identification phase, we use 14 change-level features to build a classifier by following existing approach. For JIT defect localization phase, we propose a JIT defect localization approach that leverages software naturalness with the N-gram model. To evaluate the proposed framework, we conduct an empirical study on 14 open source projects with a total of 177,250 changes. The results show that software naturalness is effective for our JIT defect localization. Our model achieves a reasonable performance, and outperforms the two baselines (i.e., random guess and a static bug finder (i.e., PMD)) by a substantial margin in terms of four ranking measures.

Fangcheng Qiu,Meng Yan,Xin Xia,Xinyu Wang,Yuanrui Fan,Ahmed E. Hassan,David Lo

DOI: https://doi.org/10.1145/3368089.3417927

2020-01-01

Abstract:In software development and maintenance, defect localization is necessary for software quality assurance. Current defect localization techniques mainly rely on defect symptoms (e.g., bug reports or program spectrum) when the defect has been exposed. One challenge task is: can we locate buggy program prior to the appearance of the defect symptom. Such kind of localization is conducted at an early stage (e.g., when buggy program elements are being checked-in) which can be an early step of continuous quality control. In this paper, we propose a Just-In-Time defect identification and lOcalization tool, named JITO, which can help developers to locate defective lines at check-in time. In summary, JITO contains two phases: (i) identify if a new change is buggy and (ii) locate suspicious buggy code lines in the identified buggy changes. We implement JITO as a plugin in an integrated development environment (i.e., Intellij IDEA). When developers using our plugin, JITO loads the local Git repository to build the JIT defect identification model and localization model based on historical changes. After submitting a new change to the local repository, developers apply JITO to identify whether it is a buggy change. If a buggy change is identified, JITO leverages JIT defect localization model to locate its suspicious buggy lines and highlight them in Intellij IDEA. Experimental results show that JITO outperforms two baselines (i.e., random guess and a static bug finder (i.e., PMD)) by a substantial margin in terms of four ranking measures. Demo URL: https://youtu.be/tvnYs62FkEQ Plugin download: https://git.io/Jf5r1

Fangcheng Qiu,Zhipeng Gao,Xin Xia,David Lo,John Grundy,Xinyu Wang

DOI: https://doi.org/10.1109/tse.2021.3135875

IF: 7.4

2021-01-01

IEEE Transactions on Software Engineering

Abstract:During software development and maintenance, defect localization is an essential part of software quality assurance. Even though different techniques have been proposed for defect localization, i.e., information retrieval (IR)-based techniques and spectrum-based techniques, they can only work after the defect has been exposed, which can be too late and costly to adapt to the newly introduced bugs in the daily development. There are also many JIT defect prediction tools that have been proposed to predict the buggy commit. But these tools do not locate the suspicious buggy positions in the buggy commit. To assist developers to detect bugs in time and avoid introducing them, just-in-time (JIT) bug localization techniques have been proposed, which is targeting to locate suspicious buggy code after a change commit has been submitted. In this paper, we propose a novel JIT defect localization approach, named DeepDL (Deep Learning-based defect localization), to locate defect code lines within a defect introducing change. DeepDL employs a neural language model to capture the semantics of the code lines, in this way, the naturalness of each code line can be learned and converted to a suspiciousness score. The core of our DeepDL is a deep learning-based neural language model. We train the neural language model with previous snapshots (history versions) of a project so that it can calculate the naturalness of a piece of code. In its application, for a given new code change, DeepDL automatically assigns a suspiciousness score to each code line and sorts these code lines in descending order of this score. The code lines at the top of the list are considered as potential defect locations. Our tool can assist developers efficiently check buggy lines at an early stage, which is able to reduce the risk of introducing bugs in time and improve the developers’ confidence in the reliability of their software. We conducted an extensive experiment on 14 open source Java projects with a total of 11,615 buggy changes. We evaluate the experimental results considering four evaluation metrics. The experimental results show that our method outperforms the state-of-the-art by a substantial margin.

engineering, electrical & electronic,computer science, software engineering

Huan Zhang,Li Kuang,Aolang Wu,Qiuming Zhao,Xiaoxian Yang

DOI: https://doi.org/10.1049/sfw2.12131

2023-01-01

IET Software

Abstract:Just-In-Time (JIT) defect prediction aims to predict the defect proneness of software changes when they are initially submitted. It has become a hot topic in software defect prediction due to its timely manner and traceability. Researchers have proposed many JIT defect prediction approaches. However, these approaches cannot effectively utilise line labels representing added or removed lines and ignore the noise caused by defect-irrelevant files. Therefore, a JIT defect prediction model enhanced by the joint method of line label Fusion and file Filtering (JIT-FF) is proposed. Firstly, to distinguish added and removed lines while preserving the original software changes information, the authors represent the code changes as original, added, and removed codes according to line labels. Secondly, to obtain semantics-enhanced code representation, a cross-attention-based line label fusion method to perform complementary feature enhancement is proposed. Thirdly, to generate code changes containing fewer defect-irrelevant files, the authors formalise the file filtering as a sequential decision problem and propose a reinforcement learning-based file filtering method. Finally, based on generated code changes, CodeBERT-based commit representation and multi-layer perceptron-based defect prediction are performed to identify the defective software changes. The experiments demonstrate that JIT-FF can predict defective software changes more effectively.

Ying Yin,Yucen Shi,Yuhai Zhao,Fazal Wahab

DOI: https://doi.org/10.1002/smr.2552

2024-01-01

Abstract:Software quality is key to the success of software systems. Modern software systems are growing in their worth based on industry needs and becoming more complex, which inevitably increases the possibility of more defects in software systems. Software repairing is time-consuming, especially locating the source files related to specific software defect reports. To locate defective source files more quickly and accurately, automated software defect location technology is generated and has a huge application value. The existing deep learning-based software defect location method focuses on extracting the semantic correlation between the source file and the corresponding defect reports. However, the extensive code structure information contained in the source files is ignored. To this end, we propose a software defect location method, namely, multi-graph learning-based software defect location (MGSDL). By extracting the program dependency graphs for functions, each source file is converted into a graph bag containing multiple graphs (i.e., multi-graph). Further, a multi-graph learning method is proposed, which learns code structure information from multi-graph to establish the semantic association between source files and software defect reports. Experiments' results on four publicly available datasets, AspectJ, Tomcat, Eclipse UI, and SWT, show that MGSDL improves on average 3.88%, 5.66%, 13.23%, 9.47%, and 3.26% over the competitive methods in five evaluation metrics, rank@10, rank@5, MRR, MAP, and AUC, respectively.

Jinping Liu,Yuming Zhou,Yibiao Yang,Hongmin Lu

2020-01-01

Abstract:Just-in-time (JIT) defect identification, a.k.a. change-level defect identification, is referred to as identifying defect-introducing code or commit change of a software at check-in time [4]. One well-known approach for JIT defect identification is the SZZ algorithm, first introduced by Sliwerski, Zimmermann, and Zeller [4], aiming to identify defect-inducing changes in software based on bug reports by traversing the change history associated with a target defect. As developers are suggested to inspect the defective changes after the identification process to give fresh feedbacks, many recent JIT defect identification approaches have been considering the inspection effort of defect-inducing changes as a key factor, which are referred to as effort-aware JIT defect identification [2]. In general, these approaches fall into two directions–supervised [1] and unsupervised [2, 3]. In addition, studies [2, 5] have been conducted to assess their performance with respect to measures such as F1-score. In this seminar, the student is required to examine and discuss the state-of-the-art effort-aware JIT defect identification approaches, and to compare their, e.g., technical details and performance.

Jonathan Bryan,Pablo Moriano

DOI: https://doi.org/10.1371/journal.pone.0284077

2023-04-15

Abstract:The increasing complexity of today's software requires the contribution of thousands of developers. This complex collaboration structure makes developers more likely to introduce defect-prone changes that lead to software faults. Determining when these defect-prone changes are introduced has proven challenging, and using traditional machine learning (ML) methods to make these determinations seems to have reached a plateau. In this work, we build contribution graphs consisting of developers and source files to capture the nuanced complexity of changes required to build software. By leveraging these contribution graphs, our research shows the potential of using graph-based ML to improve Just-In-Time (JIT) defect prediction. We hypothesize that features extracted from the contribution graphs may be better predictors of defect-prone changes than intrinsic features derived from software characteristics. We corroborate our hypothesis using graph-based ML for classifying edges that represent defect-prone changes. This new framing of the JIT defect prediction problem leads to remarkably better results. We test our approach on 14 open-source projects and show that our best model can predict whether or not a code change will lead to a defect with an F1 score as high as 77.55% and a Matthews correlation coefficient (MCC) as high as 53.16%. This represents a 152% higher F1 score and a 3% higher MCC over the state-of-the-art JIT defect prediction. We describe limitations, open challenges, and how this method can be used for operational JIT defect prediction.

Software Engineering,Machine Learning,Social and Information Networks

Xin Chen,Tian Sun,Dongling Zhuang,Dongjin Yu,He Jiang,Zhide Zhou,Sicheng Li

DOI: https://doi.org/10.1109/tse.2024.3454605

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Automated software fault localization has become one of the hot spots on which researchers have focused in recent years. Existing studies have shown that learning-based techniques can effectively localize faults leveraging various information. However, there exist two problems in these techniques. The first is that they simply represent various information without caring the contribution of different information. The second is that the data imbalance problem is not considered in these techniques. Thus, their effectiveness is limited in practice. In this paper, we propose HetFL, a novel heterogeneous graph-based software fault localization technique to aggregate different information into a heterogeneous graph in which program entities and test cases are regarded as nodes, and coverage, change histories, and call relationships are viewed as edges. HetFL first extracts textual and structure information from source code as attributes of nodes and integrates them to form an attribute vector. Then, for a given node, HetFL finds its neighbor nodes based on the types of edges and aggregates corresponding neighbor nodes to form type vectors. After that, the attribute vector and all the type vectors of each node are aggregated to generate the final vector representation by an attention mechanism. Finally, we leverage a convolution neural network (CNN) to obtain the suspicious score of each method. To validate the effectiveness of HetFL, experiments are conducted on the widely used dataset Defects4J (v1.2.0). The experimental results show that HetFL can localize 217 faults within Top-1 that is 25 higher than the state-of-the-art technique DeepFL, and achieve 6.37 and 5.58 in terms of MAR and MFR which improve DeepFL by 9.0% and 5.6%, respectively. In addition, we also perform experiments on the latest version of Defects4J (v2.0.0). The experimental results show that HetFL has better performance than the baseline methods.

Giuseppe Ng,Charibeth Cheng

DOI: https://doi.org/10.48550/arXiv.2110.00579

2021-10-02

Software Engineering

Abstract:With software system complexity leading to the rise of software defects, research efforts have been done on techniques towards predicting software defects and Just-in-time (JIT) defect prediction which predicts whether a code change is defective. While using features to determine potentially defective code change, inspection effort is still significant. As code change can impact several files, we investigate an open source project to identify potential gaps with features in JIT perspective. In addition, with a lack of publicly available JIT dataset that link the features with actual commits, we also present a new dataset that can be utilized in JIT and semantic analysis.

Md Nakhla Rafi,Dong Jae Kim,An Ran Chen,Tse-Hsun Chen,Shaowei Wang

2024-05-01

Abstract:Automatic software fault localization plays an important role in software quality assurance by pinpointing faulty locations for easier debugging. Coverage-based fault localization, a widely used technique, employs statistics on coverage spectra to rank code based on suspiciousness scores. However, the rigidity of statistical approaches calls for learning-based techniques. Amongst all, Grace, a graph-neural network (GNN) based technique has achieved state-of-the-art due to its capacity to preserve coverage spectra, i.e., test-to-source coverage relationships, as precise abstract syntax-enhanced graph representation, mitigating the limitation of other learning-based technique which compresses the feature representation. However, such representation struggles with scalability due to the increasing complexity of software and associated coverage spectra and AST graphs. In this work, we proposed a new graph representation, DepGraph, that reduces the complexity of the graph representation by 70% in nodes and edges by integrating interprocedural call graph in the graph representation of the code. Moreover, we integrate additional features such as code change information in the graph as attributes so the model can leverage rich historical project data. We evaluate DepGraph using Defects4j 2.0.0, and it outperforms Grace by locating 20% more faults in Top-1 and improving the Mean First Rank (MFR) and the Mean Average Rank (MAR) by over 50% while decreasing GPU memory usage by 44% and training/inference time by 85%. Additionally, in cross-project settings, DepGraph surpasses the state-of-the-art baseline with a 42% higher Top-1 accuracy, and 68% and 65% improvement in MFR and MAR, respectively. Our study demonstrates DepGraph's robustness, achieving state-of-the-art accuracy and scalability for future extension and adoption.

Software Engineering

Xiangping Chen,Furen Xu,Yuan Huang,Neng Zhang,Zibin Zheng

DOI: https://doi.org/10.1145/3643727

2024-01-01

Abstract:Just-in-time defect prediction (JIT-DP) is used to predict the defect-proneness of a commit and just-in-time defect localization (JIT-DL) is used to locate the exact buggy positions (defective lines) in a commit. Recently, various JIT-DP and JIT-DL techniques have been proposed, while most of them use a post-mortem way (e.g., code entropy, attention weight, LIME) to achieve the JIT-DL goal based on the prediction results in JIT-DP. These methods do not utilize the label information of the defective code lines during model building. In this paper, we propose a unified model JIT-Smart, which makes the training process of just-in-time defect prediction and localization tasks a mutually reinforcing multi-task learning process. Specifically, we design a novel defect localization network (DLN), which explicitly introduces the label information of defective code lines for supervised learning in JIT-DL with considering the class imbalance issue. To further investigate the accuracy and cost-effectiveness of JIT-Smart, we compare JIT-Smart with 7 state-of-the-art baselines under 5 commit-level and 5 line-level evaluation metrics in JIT-DP and JIT-DL. The results demonstrate that JIT-Smart is statistically better than all the state-of-the-art baselines in JIT-DP and JIT-DL. In JIT-DP, at the median value, JIT-Smart achieves F1-Score of 0.475, AUC of 0.886, Recall@20%Effort of 0.823, Effort@20%Recall of 0.01 and Popt of 0.942 and improves the baselines by 19.89%-702.74%, 1.23%-31.34%, 9.44%-33.16%, 21.6%-53.82% and 1.94%-34.89%, respectively . In JIT-DL, at the median value, JIT-Smart achieves Top-5 Accuracy of 0.539 and Top-10 Accuracy of 0.396, Recall@20%Effort line of 0.726, Effort@20%Recall line of 0.087 and IFA line of 0.098 and improves the baselines by 101.83%-178.35%, 101.01%-277.31%, 257.88%-404.63%, 71.91%-74.31% and 99.11%-99.41%, respectively. Statistical analysis shows that our JIT-Smart performs more stably than the best-performing model. Besides, JIT-Smart also achieves the best performance compared with the state-of-the-art baselines in cross-project evaluation.

Chanathip Pornprasit,Chakkrit Tantithamthavorn,Chakkrit Kla Tantithamthavorn

DOI: https://doi.org/10.1109/msr52588.2021.00049

2021-05-01

Abstract:A Just-In-Time (JIT) defect prediction model is a classifier to predict if a commit is defect-introducing. Recently, CC2Vec—a deep learning approach for Just-In-Time defect prediction—has been proposed. However, CC2Vec requires the whole dataset (i.e., training + testing) for model training, assuming that all unlabelled testing datasets would be available beforehand, which does not follow the key principles of just-in-time defect predictions. Our replication study shows that, after excluding the testing dataset for model training, the F-measure of CC2Vec is decreased by 38.5% for OpenStack and 45.7% for Qt, highlighting the negative impact of excluding the testing dataset for Just-In-Time defect prediction. In addition, CC2Vec cannot perform fine-grained predictions at the line level (i.e., which lines are most risky for a given commit). In this paper, we propose JITLine—a Just-In-Time defect prediction approach for predicting defect-introducing commits and identifying lines that are associated with that defect-introducing commit (i.e., defective lines). Through a case study of 37,524 commits from OpenStack and Qt, we find that our JITLine approach is at least 26%-38% more accurate (F-measure), 17%-51% more cost-effective (PCI@20%LOC), 70-100 times faster than the state-of-the-art approaches (i.e., CC2Vec and DeepJIT) and the fine-grained predictions at the line level by our approach are 133%-150% more accurate (Top-10 Accuracy) than the baseline NLP approach. Therefore, our JITLine approach may help practitioners to better prioritize defect-introducing commits and better identify defective lines.

Shouyu Yin,Shikai Guo,Hui Li,Chenchen Li,Rong Chen,Xiaochen Li,He Jiang

DOI: https://doi.org/10.1109/tse.2024.3503723

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Software defect prediction refers to the systematic analysis and review of software using various approaches and tools to identify potential defects or errors. Software defect prediction aids developers in swiftly identifying defects and optimizing development resource allocation, thus enhancing software quality and reliability. Previous defect prediction approaches still face two main limitations: 1) lacking of contextual semantic information and 2) Ignoring the joint reasoning between different granularities of defect predictions. In response to these challenges, we propose LineDef, a line-level defect prediction approach by capturing code contexts with graph convolutional networks. Specifically, LineDef comprises three components: the token embedding component, the graph extraction component, and the multi-granularity defect prediction component. The token embedding component maps each token to a vector to obtain a high-dimensional semantic feature representation of the token. Subsequently, the graph extraction component utilizes a sliding window to extract line-level and token-level graphs, addressing the challenge of capturing contextual semantic relationships in the code. Finally, the multi-granularity defect prediction component leverages graph convolutional layers and attention mechanisms to acquire prediction labels and risk scores, thereby achieving file-level and line-level defect prediction. Experimental studies on 32 datasets across 9 different software projects show that LineDef exhibits significantly enhanced balanced accuracy, ranging from 15.61% to 45.20%, compared to state-of-the-art file-level defect prediction approaches, and a remarkable cost-effectiveness improvement ranging from 15.32% to 278%, compared to state-of-the-art line-level defect prediction approaches. These results demonstrate that LineDef approach can extract more comprehensive information from lines of code for defect prediction.

Teng Huang,Hui‐Qun Yu,Gui‐Sheng Fan,Zi‐Jie Huang,Chen‐Yu Wu

DOI: https://doi.org/10.1111/exsy.13702

IF: 3.3

2024-08-30

Expert Systems

Abstract:Recent research found that fine‐tuning pre‐trained models is superior to training models from scratch in just‐in‐time (JIT) defect prediction. However, existing approaches using pre‐trained models have their limitations. First, the input length is constrained by the pre‐trained models.Secondly, the inputs are change‐agnostic.To address these limitations, we propose JIT‐Block, a JIT defect prediction method that combines multiple input semantics using changed block as the fundamental unit. We restructure the JIT‐Defects4J dataset used in previous research. We then conducted a comprehensive comparison using eleven performance metrics, including both effort‐aware and effort‐agnostic measures, against six state‐of‐the‐art baseline models. The results demonstrate that on the JIT defect prediction task, our approach outperforms the baseline models in all six metrics, showing improvements ranging from 1.5% to 800% in effort‐agnostic metrics and 0.3% to 57% in effort‐aware metrics. For the JIT defect code line localization task, our approach outperforms the baseline models in three out of five metrics, showing improvements of 11% to 140%.

computer science, artificial intelligence, theory & methods

Jiaxi Xu,Fei Wang,Jun Ai

DOI: https://doi.org/10.1109/tr.2020.3040191

IF: 5.883

2021-06-01

IEEE Transactions on Reliability

Abstract:To optimize the process of software testing and to improve software quality and reliability, many attempts have been made to develop more effective methods for predicting software defects. Previous work on defect prediction has used machine learning and artificial software metrics. Unfortunately, artificial metrics are unable to represent the features of syntactic, semantic, and context information of defective modules. In this article, therefore, we propose a practical approach for identifying software defect patterns via the combination of semantics and context information using abstract syntax tree representation learning. Graph neural networks are also leveraged to capture the latent defect information of defective subtrees, which are pruned based on a fix-inducing change. To validate the proposed approach for predicting defects, we define mining rules based on the GitHub workflow and collect 6052 defects from 307 projects. The experiments indicate that the proposed approach performs better than the state-of-the-art approach and five traditional machine learning baselines. An ablation study shows that the information about code concepts leads to a significant increase in accuracy.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Suhwan Ji,Sanghwa Lee,Changsup Lee,Hyeonseung Im,Yo-Sub Han

2024-08-19

Abstract:Identifying the point of error is imperative in software debugging. Traditional fault localization (FL) techniques rely on executing the program and using the code coverage matrix in tandem with test case results to calculate a suspiciousness score for each function or line. Recently, learning-based FL techniques have harnessed machine learning models to extract meaningful features from the code coverage matrix and improve FL performance. These techniques, however, require compilable source code, existing test cases, and specialized tools for generating the code coverage matrix for each programming language of interest. In this paper, we propose, for the first time, a simple but effective sequence generation approach for fine-tuning large language models of code (LLMCs) for FL tasks. LLMCs have recently received much attention for various software engineering problems. In line with these, we leverage the innate understanding of code that LLMCs have acquired through pre-training on large code corpora. Specifically, we fine-tune representative encoder, encoder-decoder, and decoder-based 13 LLMCs for FL tasks. Unlike previous approaches, LLMCs can analyze code sequences even with syntactic errors, since they do not rely on compiled input. Still, they have a limitation on the length of the input data. Therefore, for a fair comparison with existing FL techniques, we extract methods with errors from the project-level benchmark, Defects4J, and analyze them at the line level. Experimental results show that LLMCs fine-tuned with our approach successfully pinpoint error positions in 50.6\%, 64.2\%, and 72.3\% of 1,291 methods in Defects4J for Top-1/3/5 prediction, outperforming the best learning-based state-of-the-art technique by up to 1.35, 1.12, and 1.08 times, respectively. Our findings suggest promising research directions for FL and automated program repair tasks using LLMCs.

Software Engineering

WEN Yong,CAI Ming,DAI Jian-hua,CHEN Gang

DOI: https://doi.org/10.3785/j.issn.1008-973x.2011.06.004

2011-01-01

Abstract:The quality assessment methods for software fault localization reports based on static program dependence graph fail to take into account the dynamic characteristics,which results in far below expectation.A novel quality assessment method was presented to improve the performance.This method makes use of the predicates describing the characteristics of program running and the running track based on the test cases in which a run of the program failed,constructs a dynamic program dependence graph,utilizes the breadth-first search-based algorithm,and obtains a collection of statements which is a more realistic reflection of the process in finding the bug.This method was implemented and evaluated on a fault localization model.The results show that this novel method can more effectively give out the quality of evaluations and promote the improvement of the localization model.

Li Ning,Li Zhanhuai,Sun Xiling,Yang Ying

DOI: https://doi.org/10.13245/j.hust.2012.02.015

2012-01-01

Abstract:Ambiguity,incompleteness and confusion Abstraction layers in software black-box defect report described in natural language were focused.Aimed at the detected defects in black-box testing,a graphed method named software defect description graph(SDDG) was proposed.The SDDG was formally defined with extended Backus-Naur form(EBNF),and the graphical symbols were defined based on cause-effect graph.Theoretical analysis,case study and experimental verification show that SDDG is simpler and clearer than defect description in natural language and XML,and it can improve the readability,integrity and reproducibility of defect report,and it can also reduce the inconsistent understanding caused by ambiguity of natural language.The method improves the communication efficiency of tester and programmer,meanwhile it provides better raw defect data for software defect classification and analysis.

Nan Luo,Ying Ma,Jianmin Li,Yanqi Xie

DOI: https://doi.org/10.1109/icecai58670.2023.10176967

2023-01-01

Abstract:As a branch of software defect detection research, Juts-in-time software defect prediction mainly detects defects with the detection granularity of change level. Change-level defect detection means that when the project developer commits code, whether there are defects in the introduced code are detected. When the defect detection model classifies the code submitted by project developers as introducing defects to commit changes, developers need to modify their submitted changes to be classified as clean classes. Investigation shows that some project developers choose to ignore the classification results of the software defect detection model, and only modify the code structure in the submitted changes, but not the code semantics, so that the software defect detection model marks their submitted changes as clean changes. This action by the developer is often referred to as a semantically preserved change. This paper introduces a just-in-time software defect detection model based on generative adversarial networks. The semantic equivalent code segments are generated by the generative adversarial model, and the generated data and original data are used to train the defect detection model, to improve the performance of the software defect detection model. The proposed method is tested on six project datasets commonly used in the field of just-in-time defect detection. The experimental results show that the proposed method can effectively detect whether there are software defects introduced by semantically preserved changes in the submitted changes.

Jianzhong Zhu,Yuan Huang,Xiangping Chen,Ruomei Wang,Zibin Zheng

DOI: https://doi.org/10.1109/qrs60937.2023.00018

2023-01-01

Abstract:The existence of software defects greatly restricts the application of software and may bring great economic losses. Defect prediction techniques based on file level or module level can help code reviewers quickly locate defects and fix them. In recent years, researchers have used natural language techniques to explore the defectiveness of code lines by analyzing the semantic information of the code lines. However, the appearance of defects is often associated with the syntactic information of the code. To fully use the syntax information associated with code lines, we propose a code line-level representation considering the coverage of the syntax node. Specifically, we add the syntax node to its corresponding coverage lines. Combining with the BiLSTM model, we propose a new line-level defect prediction model, SyntaxLineDP, which shows good performance achieving 0.72 and 0.62 for AUC and Balanced Accuracy respectively. SyntaxLineDP outperforms the state-of-the-art model and the popular static tools (e.g., ErrorProne, PMD). Specifically, In the within-project evaluation, the SyntaxLineDP model outperforms the start-of-the-art model by 15% and 27% on the Recall@Top20% LOC metric and the Effort@Top20% Recall metric respectively. In the cross-project evaluation, the SyntaxLineDP outperforms the start-of-the-art model by 7% and 42% on the Recall@Top20% LOC metric and the Effort@Top20% Recall metric respectively. Through ablation experiments, we studied how the selection of extended syntax information contributes to the detection and found out some key features that are helpful for the defect prediction task: number of infix expressions of code line, number of blocks of code line, and number of method invocation of the code line.