What Are the Perception Gaps Between FLOSS Developers and SE Researchers?

A Case of Bug Finding Research
  • Yutaro Kashiwa
  • Akinori Ihara
  • Masao Ohira
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 556)

Abstract

In recent years, many researchers in the SE community have devoted considerable effort to providing FLOSS developers with means to quickly find and fix various kinds of bugs in FLOSS products, such as security and performance bugs. However, it is not clear which bugs FLOSS developers think should be removed preferentially. Without a full understanding of FLOSS developers’ perceptions of bug finding and fixing, researchers’ efforts might remain far from FLOSS developers’ needs. In this study, we interview 322 notable GitHub developers about high impact bugs to understand FLOSS developers’ needs for bug finding and fixing, and we manually inspect and classify developers’ answers (bugs) by symptoms and root causes of bugs. As a result, we show that security and breakage bugs are highly crucial for FLOSS developers. We also identify what kinds of high impact bugs should be newly studied by the SE community to help FLOSS developers.

Keywords

Open source software, High impact bug, Interview

Notes

Acknowledgment

We really appreciate the cooperation of developers in GitHub in completing our survey. This research is conducted as part of Grant-in-Aid for Japan Society for the Promotion of Science Research Fellow and Scientific Research (JP17J03330, JP17H00731, JP18K11243).


Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. Wakayama University, Wakayama, Japan
