Have things changed now?: An empirical study of bug characteristics in modern open source software

Zhenmin Li; Lin Tan; Xuanhui Wang; Shan Lu; Yuanyuan Zhou; Chengxiang Zhai

doi:10.1145/1181309.1181314

Have things changed now? An empirical study of bug characteristics in modern open source software

Zhenmin Li, Lin Tan, Xuanhui Wang, Shan Lu, Yuanyuan Zhou, Chengxiang Zhai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software errors are a major cause for system failures. To effectively design tools and support for detecting and recovering from software failures requires a deep understanding of bug characteristics. Recently, software and its development process have significantly changed in many ways, including more help from bug detection tools, shift towards multi-threading architecture, the open-source development paradigm and increasing concerns about security and user-friendly interface. Therefore, results from previous studies may not be applicable to present software. Furthermore, many new aspects such as security, concurrency and open-source-related characteristics have not well studied. Additionally, previous studies were based on a small number of bugs, which may lead to non-representative results.To investigate the impacts of the new factors on software errors, we analyze bug characteristics by first sampling hundreds of real world bugs in two large, representative open-source projects. To validate the representativeness of our results, we use natural language text classification techniques and automatically analyze around 29, 000 bugs from the Bugzilla databases of the software.Our study has discovered several new interesting characteristics: (1) memory-related bugs have decreased because quite a few effective detection tools became available recently; (2) surprisingly, some simple memory-related bugs such as NULL pointer dereferences that should have been detected by existing tools in development are still a major component, which indicates that the tools have not been used with their full capacity; (3) semantic bugs are the dominant root causes, as they are application specific and difficult to fix, which suggests that more efforts should be put into detecting and fixing them; (4) security bugs are increasing, and the majority of them cause severe impacts.

Original language	English (US)
Title of host publication	ASID'06
Subtitle of host publication	First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006
Pages	25-33
Number of pages	9
DOIs	https://doi.org/10.1145/1181309.1181314
State	Published - 2006
Event	ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability - San Jose, CA, United States Duration: Oct 21 2006 → Oct 21 2006

Publication series

Name	ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability

Other

Other	ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability
Country/Territory	United States
City	San Jose, CA
Period	10/21/06 → 10/21/06

Keywords

Bug characteristics
Bug detection
Empirical study
Open source
Security

ASJC Scopus subject areas

Hardware and Architecture
Information Systems
Software

Online availability

10.1145/1181309.1181314

Library availability

Discover UIUC Full Text

Cite this

Li, Z., Tan, L., Wang, X., Lu, S., Zhou, Y., & Zhai, C. (2006). Have things changed now? An empirical study of bug characteristics in modern open source software. In ASID'06: First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006 (pp. 25-33). (ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability). https://doi.org/10.1145/1181309.1181314

Have things changed now? An empirical study of bug characteristics in modern open source software. / Li, Zhenmin; Tan, Lin; Wang, Xuanhui et al.
ASID'06: First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006. 2006. p. 25-33 (ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, Z, Tan, L, Wang, X, Lu, S, Zhou, Y & Zhai, C 2006, Have things changed now? An empirical study of bug characteristics in modern open source software. in ASID'06: First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006. ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability, pp. 25-33, ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability, San Jose, CA, United States, 10/21/06. https://doi.org/10.1145/1181309.1181314

Li Z, Tan L, Wang X, Lu S, Zhou Y, Zhai C. Have things changed now? An empirical study of bug characteristics in modern open source software. In ASID'06: First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006. 2006. p. 25-33. (ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability). doi: 10.1145/1181309.1181314

Li, Zhenmin ; Tan, Lin ; Wang, Xuanhui et al. / Have things changed now? An empirical study of bug characteristics in modern open source software. ASID'06: First Workshop on Architectural and System Support for Improving Software Dependability, in conjunction with ASPLOS 2006. 2006. pp. 25-33 (ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability).

@inproceedings{c821ba8c6eb8423786671ab9635162a9,

title = "Have things changed now?: An empirical study of bug characteristics in modern open source software",

abstract = "Software errors are a major cause for system failures. To effectively design tools and support for detecting and recovering from software failures requires a deep understanding of bug characteristics. Recently, software and its development process have significantly changed in many ways, including more help from bug detection tools, shift towards multi-threading architecture, the open-source development paradigm and increasing concerns about security and user-friendly interface. Therefore, results from previous studies may not be applicable to present software. Furthermore, many new aspects such as security, concurrency and open-source-related characteristics have not well studied. Additionally, previous studies were based on a small number of bugs, which may lead to non-representative results.To investigate the impacts of the new factors on software errors, we analyze bug characteristics by first sampling hundreds of real world bugs in two large, representative open-source projects. To validate the representativeness of our results, we use natural language text classification techniques and automatically analyze around 29, 000 bugs from the Bugzilla databases of the software.Our study has discovered several new interesting characteristics: (1) memory-related bugs have decreased because quite a few effective detection tools became available recently; (2) surprisingly, some simple memory-related bugs such as NULL pointer dereferences that should have been detected by existing tools in development are still a major component, which indicates that the tools have not been used with their full capacity; (3) semantic bugs are the dominant root causes, as they are application specific and difficult to fix, which suggests that more efforts should be put into detecting and fixing them; (4) security bugs are increasing, and the majority of them cause severe impacts.",

keywords = "Bug characteristics, Bug detection, Empirical study, Open source, Security",

author = "Zhenmin Li and Lin Tan and Xuanhui Wang and Shan Lu and Yuanyuan Zhou and Chengxiang Zhai",

year = "2006",

doi = "10.1145/1181309.1181314",

language = "English (US)",

isbn = "1595935762",

series = "ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability",

pages = "25--33",

booktitle = "ASID'06",

note = "ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability ; Conference date: 21-10-2006 Through 21-10-2006",

}

TY - GEN

T1 - Have things changed now?

T2 - ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability

AU - Li, Zhenmin

AU - Tan, Lin

AU - Wang, Xuanhui

AU - Lu, Shan

AU - Zhou, Yuanyuan

AU - Zhai, Chengxiang

PY - 2006

Y1 - 2006

N2 - Software errors are a major cause for system failures. To effectively design tools and support for detecting and recovering from software failures requires a deep understanding of bug characteristics. Recently, software and its development process have significantly changed in many ways, including more help from bug detection tools, shift towards multi-threading architecture, the open-source development paradigm and increasing concerns about security and user-friendly interface. Therefore, results from previous studies may not be applicable to present software. Furthermore, many new aspects such as security, concurrency and open-source-related characteristics have not well studied. Additionally, previous studies were based on a small number of bugs, which may lead to non-representative results.To investigate the impacts of the new factors on software errors, we analyze bug characteristics by first sampling hundreds of real world bugs in two large, representative open-source projects. To validate the representativeness of our results, we use natural language text classification techniques and automatically analyze around 29, 000 bugs from the Bugzilla databases of the software.Our study has discovered several new interesting characteristics: (1) memory-related bugs have decreased because quite a few effective detection tools became available recently; (2) surprisingly, some simple memory-related bugs such as NULL pointer dereferences that should have been detected by existing tools in development are still a major component, which indicates that the tools have not been used with their full capacity; (3) semantic bugs are the dominant root causes, as they are application specific and difficult to fix, which suggests that more efforts should be put into detecting and fixing them; (4) security bugs are increasing, and the majority of them cause severe impacts.

AB - Software errors are a major cause for system failures. To effectively design tools and support for detecting and recovering from software failures requires a deep understanding of bug characteristics. Recently, software and its development process have significantly changed in many ways, including more help from bug detection tools, shift towards multi-threading architecture, the open-source development paradigm and increasing concerns about security and user-friendly interface. Therefore, results from previous studies may not be applicable to present software. Furthermore, many new aspects such as security, concurrency and open-source-related characteristics have not well studied. Additionally, previous studies were based on a small number of bugs, which may lead to non-representative results.To investigate the impacts of the new factors on software errors, we analyze bug characteristics by first sampling hundreds of real world bugs in two large, representative open-source projects. To validate the representativeness of our results, we use natural language text classification techniques and automatically analyze around 29, 000 bugs from the Bugzilla databases of the software.Our study has discovered several new interesting characteristics: (1) memory-related bugs have decreased because quite a few effective detection tools became available recently; (2) surprisingly, some simple memory-related bugs such as NULL pointer dereferences that should have been detected by existing tools in development are still a major component, which indicates that the tools have not been used with their full capacity; (3) semantic bugs are the dominant root causes, as they are application specific and difficult to fix, which suggests that more efforts should be put into detecting and fixing them; (4) security bugs are increasing, and the majority of them cause severe impacts.

KW - Bug characteristics

KW - Bug detection

KW - Empirical study

KW - Open source

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=34547229642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34547229642&partnerID=8YFLogxK

U2 - 10.1145/1181309.1181314

DO - 10.1145/1181309.1181314

M3 - Conference contribution

AN - SCOPUS:34547229642

SN - 1595935762

SN - 9781595935762

T3 - ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability

SP - 25

EP - 33

BT - ASID'06

Y2 - 21 October 2006 through 21 October 2006

ER -