Duplicate bug report detection using clustering

Bug reporting and fixing the reported bugs play a critical part in the development and maintenance of software systems. The software developers and end users can collaborate in this process to improve the reliability of software systems. Various end users report the defects they have found in the software and how these bugs affect them. However, the same defect may be reported independently by several users leading to a significant number of duplicate bug reports. There are a number of existing methods for detecting duplicate bug reports, but the best results so far account for only 24% of actual duplicates. In this paper, we propose a new method based on clustering to identify a larger proportion of duplicate bug reports while keeping the false positives of misidentified non-duplicates low. The proposed approach is experimentally evaluated on a large sample of bug reports from three public domain data sets. The results show that this approach achieves better performance in terms of a harmonic measure that combines true positive and true negative rates when compared to the existing methods

Fuzzy set and cache-based approach for bug triaging

Software bugs are inevitable and bug fixing is an essential and costly phase during software development. Such defects are often reported in bug reports which are stored in an issue tracking system, or bug repository. Such reports need to be assigned to the most appropriate developers who will eventually fix the issue/bug reported. This process is often called Bug Triaging. Manual bug triaging is a difficult, expensive, and lengthy process, since it needs the bug triager to manually read, analyze, and assign bug fixers for each newly reported bug. Triagers can become overwhelmed by the number of reports added to the repository. Time and efforts spent into triaging typically diverts valuable resources away from the improvement of the product to the managing of the development process. To assist triagers and improve the bug triaging efficiency and reduce its cost, this thesis proposes Bugzie, a novel approach for automatic bug triaging based on fuzzy set and cachebased modeling of the bug-fixing capability of developers. Our evaluation results on seven large-scale subject systems show that Bugzie achieves significantly higher levels of efficiency and correctness than existing state-of-the-art approaches. In these subject projects, Bugzie\u27s accuracy for top-1 and top-5 recommendations is higher than those of the second best approach from 4-15% and 6-31%, respectively as Bugzie\u27s top-1 and top-5 recommendation accuracy is generally in the range of 31-51% and 70-83%, respectively. Importantly, existing approaches take from hours to days (even almost a month) to finish training as well as predicting, while in Bugzie, training time is from tens of minutes to an hour

Duplicate Defect Detection

Discovering and fixing faults is an unavoidable process in Software Engineering. It is always a good practice to document and organize fault reports. This facilitates the effectiveness of development and maintenance process. Bug Tracking Repositories, such as Bugzilla, are designed to provide fault reporting facilities for developers, testers and users of the system. Allowing anyone to contribute finding and reporting faults has an immediate impact on software quality. However, this benefit comes with one side-effect. Users often file reports that describe the same fault. This increases the triaging time spent by the maintainers. At the same time, important information required to fix the fault is likely to be distributed across different reports.;The objective of this thesis is twofold. First, we want to understand the dynamics of bug report filing for a large, long duration open source project, Firefox. Second, we present a new approach that can reduce the number of duplicate reports. The novel element in the proposed approach is the ability to concentrate the search for duplicates on specific portions of the bug repository. This improves the performance of Information Retrieval techniques and classification runtime of our algorithm. Our system can be deployed as a search tool to help reporters query the repository or it can be adopted to help maintainers detect duplicate reports. In both cases the performance is satisfactory. When tested as a search tool our system is able to detect up to 53% of duplicate reports. The approach adapted for maintainers has a maximum recall rate of 59%

A Microstructural Approach to Self-Organizing:The Emergence of Attention Networks

A recent line of inquiry investigates new forms of organizing as bundles of novel solutions to universal problems of resource allocation and coordination: how to allocate organizational problems to organizational participants and how to integrate participants' resulting efforts. We contribute to this line of inquiry by reframing organizational attention as the outcome of a concatenation of self-organizing, microstructural mechanisms linking multiple participants to multiple problems, thus giving rise to an emergent attention network. We argue that, when managerial hierarchies are absent and authority is decentralized, observable acts of attention allocation produce interpretable signals that help participants to direct their attention and share information on how to coordinate and integrate their individual efforts. We theorize that the observed structure of an organizational attention network is generated by the concatenation of four interdependent micromechanisms: focusing, reinforcing, mixing, and clustering. In a statistical analysis of organizational problem solving within a large opensource software project, we find support for our hypotheses about the self-organizing dynamics of the observed attention network connecting organizational problems (software bugs) to organizational participants (volunteer contributors). We discuss the implications of attention networks for theory and practice by emphasizing the self-organizing character of organizational problem solving. We discuss the generalizability of our theory to a wider set of organizations in which participants can freely allocate their attention to problems and the outcomes of their allocation are publicly observable without cost.</p

High impact bug report identification with imbalanced learning strategies

Supplementary code and data available from GitHub: https://github.com/goddding/JCST</p

Empirical evaluation of bug linking

International audienceTo collect software bugs found by users, development teams often setup bug trackers using systems such as Bugzilla. Developers would then fix some of the bugs and commit corresponding code changes into version control systems such as svn or git. Unfortunately, the links between bug reports and code changes are missing for many software projects as the bug tracking and version control systems are often maintained separately. Yet, linking bug reports to fix commits is important as it could shed light into the nature of bug fixing processes and expose patterns in software management. Bug linking solutions, such as ReLink, have been proposed. The demonstration of their effectiveness however faces a number of issues, including a reliability issue with their ground truth datasets as well as the extent of their measurements. We propose in this study a benchmark for evaluating bug linking solutions. This benchmark includes a dataset of about 12,000 bug links from 10 programs. These true links between bug reports and their fixes have been provided during bug fixing processes. We designed a number of research questions, to assess both quantitatively and qualitatively the effectiveness of a bug linking tool. Finally, we apply this benchmark on ReLink to report the strengths and limitations of this bug linking tool

Three essays on problem-solving in collaborative open productions

The term “open production” is frequently used to describe production systems that rely on volunteer participants who are willing to participate, produce, and bear private costs in order to provide a public good. Examples of open production are becoming increasingly common in many industries. What make these productions possible? How may they be sustained in a world of organizations in which the evolutionary products of economic selection are elaborate hierarchical forms of organization? One way to address these questions is to look at how open productions solve problems that are common to all production organizations such as, for example, problems in the division of labor, allocation of tasks, collaboration, coordination, and maintaining balance between inducement and contributions. Under the conditions of extreme decentralization that are the defining feature of open productions, this approach implies a detailed observation of individual problem solving practices. This is the approach I develop in my dissertation. Unlike much of the prior literature on open productions, I deemphasize motivational elements, status-seeking motives, and allocation of property rights issues. I focus instead on actual work practices as revealed by the day-by-day problem solving activities that qualify open productions projects as production organizations despite the absence of formal contractual arrangements to regulate principal-agent relations. What my work adds to the extensive, informative, and well-developed discipline-based explanations that are currently available, is a focus on the emergence of micro-organizational mechanisms through which problem assignment (Chapter 2), problem resolution (Chapter 3), and sustained participation (Chapter 4) are obtained in open productions. In my essays, I draw from organizational sociology and the behavioral theory of the firm to specify models that relate individual problem-solving activities to structured patterns of action through emergent work practices. In the models that I specify and test, I emphasize processes of attention allocation (Chapter 2), repeated collaboration and group diversity (Chapter 3) and identity construction (Chapter 4) as central to our understanding of the dynamics of problem-solving in organizations. One element of novelty in my study is that my research design makes these work practices directly observable at a level of detail, completeness, and precision that was inaccessible in the past. To illustrate the empirical value of the view that I develop I examine problem-solving activities – i.e., bug fixing and code production – within two Free/Open Source Software (F/OSS) projects during their entire life span. Readers of my work will know more about how organizational micro-mechanisms emerge in open productions

ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS

ABSTRACT All the mainstream mobile operating systems provide a web container, called ``WebView\u27\u27. This Web-based interface can be included as part of the mobile application to retrieve and display web contents from remote servers. WebView not only provides the same functionalities as web browser, more importantly, it enables rich interactions between mobile apps and webpages loaded inside WebView. Through its APIs, WebView enables the two-way interaction. However, the design of WebView changes the landscape of the Web, especially from the security perspective. This dissertation conducts a comprehensive and systematic study of WebView\u27s impact on web security, with a particular focus on identifying its fundamental causes. This dissertation discovers multiple attacks on WebView, and proposes new protection models to enhance the security of WebView. The design principles of these models are also described as well as the prototype implementation in Android platform. Evaluations are used to demonstrate the effectiveness and performance of these protection models