I talked at the PUMA research training group of LMU and TU Munich about software cloning. I reported on our empirical results on clone detection in software artefacts and describe our first activities towards detecting functionally similar clones.
live-blog and tweet this presentation given that you attribute it to its author and respect the rights and licences of its parts. basiert auf Vorlagen von @SMEasterbrook und @ethanwhite
(except for whitespace and comments) Type 2 a syntactically identical copy; only variable, type, or function identifiers have been changed Type 3 a copy with further modifications; statements have been changed, added, or removed
clone/cardinality of most frequent clone • Cloned Statements Number of statements in the system being part of at least one clone • Clone Coverage – #Cloned Statements / #Statements – Probability of a randomly chosen statement to be part of a clone Measures for cloning
inconsistent evolution of clones in industrial telecom. SW. [Monden02]: higher revision number for files with clones in legacy SW. [Kim05]: substantial amount of coupled changes to code clones. [Li06], [SuChiu07] and [Aversano07], [Bakota07]: discovery of bugs through search for inconsistent clones or clone evolution analysis. Doubting harmfulness [Krinke07]: inconsistent clones hardly ever become consistent later. [Geiger06]: Failure to statistically verify impact of clones on change couplings [Lozano08]: Failure to statistically verify impact of clones on changeability. [Göde11]: Most changes intentionally inconsistent [Rahman12]: no statistically significant impacts on faults
inconsistent clones by system developers No indirect measures of consequences of cloning • Both industrial and open source software analysed • Quantitative data Deissenboeck, Juergens, Hummel, Wagner, ICSE, 2009
RQ2: Are inconsistent clones created unintentionally? |UIC| / |IC| RQ3: Can inconsistent clones be indicators for faults in real systems? |F| / |IC|, |F| / |UIC| Clone Groups C (exact and incons.) Inconsistent clone groups IC Unintentionally incons. Clone Groups UIC Faulty clone Groups F
candidate detection • Novel algorithm • Tailored to target program False positive removal • Manual inspection of all inconsistent and ¼ exact CCs • Performed by researchers Assessment of inconsistencies • All inconsistent clone groups inspected • Performed by developers Clone groups C (exact and incons.) Inconsistent clone groups IC Unintentionally inconsistent clone groups UIC Faulty clone groups F → CC → C, IC → UIC, F
400 employees Sysiphus: Open source collaboration environment for distributed SW development. Developed at TUM. 281 8 Java TUM Sysiphus 197 17 Cobol LV 1871 D 495 2 C# Munich Re C 454 4 C# Munich Re B 317 6 C# Munich Re A Size (kLoC) Age (years) Language Organization System
/ |C| RQ2: Do type-3 clones contain documented faults? |CT3 F | / |CT3| RQ3: Are developers aware of type-3 clones? |IMS | / |IM |, interviews with key developers Clone Groups C (exact and incons.) Inconsistent clone groups CT3 Faulty clone Groups CT3 F
No general clone awareness x x No specific clone awareness x x No clone check while bug fixing x x Clone warning while developing x Common code ownership x Discussion about co-changes x
clones. • Rate of faulty type-3 clones is about 17 %. • There is a difference in awareness of clones and inconsistencies. • This awareness seems to impact how many faults are related to type-3 clones. • Further studies should take this into account. • Making developers aware of clones seems still to be worthwhile.
or set of programs that performs certain functions in a specific environment.” [IEEE 830-1998] Clone • Duplicated specification text of at least 20 words • Small differences (e.g., declination) are tolerated • Must refer to specified system • False positives: e.g., page footers with copyright information
2.What kind of information is cloned in requirements specifications? 3.What consequences does cloning in requirements specifications have? 4.Can cloning in requirements specifications be detected accurately using existing clone detectors?
of detected clones Adding of filters False positives? Categorisation of clones Independent re-categorisation Analysis of corresp. source code Data analysis & interpretation Yes No
of detected clones Adding of filters False positives? Categorisation of clones Independent re-categorisation Analysis of corresp. source code Data analysis & interpretation Yes No
Mix of theory-based and Grounded Theory • 4+8 categories • Documentation of additional information (mostly inconsistencies between clones) Categorisation of clones
of detected clones Adding of filters False positives? Categorisation of clones Independent re-categorisation Analysis of corresp. source code Data analysis & interpretation Yes No
of detected clones Adding of filters False positives? Categorisation of clones Independent re-categorisation Analysis of corresp. source code Data analysis & interpretation Yes No
liabilities that the clients have agreed on with X. The liabilities are calculated from the exposures from Y and the contract conditions from X. The liability- relevant parts of the contracts thus need to be managed in system Z.” “The contracts with the clients describe the conditions regarding obligatory liabilities that the clients have agreed on with X. The liabilities are calculated from the exposures from Y and the contract conditions from X. The liability- relevant parts of the contracts thus need to be managed in system Z.” “The contracts with the clients describe the conditions regarding obligatory liabilities that the clients have agreed on with X. The liabilities are calculated from the exposures from Y and the contract conditions from X. The liability- relevant parts of the contracts thus need to be managed in system Z.” Typical Clones • Entire use cases copied • Similar combinations of pre and post conditions copied • Descriptions of terms or roles copied Example* 42 instances (61 words, 13 instances with > 100 words) *Translated from German “The contracts with the clients describe the conditions regarding obligatory liabilities that the clients have agreed on with X. The liabilities are calculated from the exposures from Y and the contract conditions from X. The liability- relevant parts of the contracts thus need to be managed in system Z.” “The contracts with the clients describe the conditions regarding obligatory liabilities that the clients have agreed on with X. The liabilities are calculated from the exposures from Y and the contract conditions from X. The liability- relevant parts of the contracts thus need to be managed in system Z.” …
A G Y Z L C K U X AB V B D N AC I P W O S M J E R Q T 0 0 0,7 0,9 1 1,2 1,6 1,9 2 5,8 5,5 5,4 8,2 8,1 8,9 11,2 12,1 12,4 15,5 18,1 18,5 20,5 19,6 21,9 22,1 35 51,1 71,6 Clone coverage in percentage Mean 13.6%
B V N U F AC D C Z G X K W M S I P O E R J Q T 0 0 0 0,1 0,3 0,3 0,3 0,3 0,4 0,5 0,6 1,2 2,1 2,8 2,9 3,2 4,1 4,2 4,8 7 8,2 10,3 11,1 12,7 17 17,5 18,5 36,7 Additional effort in hours per inspector Mean 6
to be unintentional ⇒Indication that inconsistent updates happen in practice Implementation Traced specification clone groups to implementation. 3 cases: • Shared abstraction • Cloned code • Independent reimplementation of similar functionality ⇒Indication that spec. cloning causes redundancy in implementation
F G J N S W Z Y X I V B L AC P C M R AB A O D H K U 85 96 97 99 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 85 96 97 99 2 27 30 40 44 45 48 48 52 58 59 71 96 97 100 100 100 100 100 100 100 100 Before tailoring After tailoring Precision in percentage
errors during manual steps • Reading speeds for cloned vs non-cloned text? Assumed similar. Further research required • Recall unclear. But: does not affect study results External • Substantial differences between requirements specifications (format, organisation, language, …) But: large amount of study objects from different companies, domains
impact on reading and inspection effort • Indication for corresponding redundancy in source code • Cloning not necessary – many specs contain none • Tailoring required but feasible: effort small w.r.t. inspection overhead Future Work • How can cloning be avoided or removed? • What are the causes for cloning? Different than for code clones? • Further studies on consequences for implementation
detection? • Main limitation: random testing approach no input or generated input does achieve sufficient code coverage • Notion of I/O similarity may not be suitable e.g different data types or signatures • Further research required to quantify these problems
1: What share of independently developed similar programs are type-1–3 clones? • RQ 2: What are the differences between FSC that go beyond type-1–3 clones? • RQ 3: What share of FSC can be detected by a type-4 clone detector? • RQ 4: What should a benchmark contain that represents the differences between FSC? Wagner et. al, PeerJ Preprints, https://dx.doi.org/10.7287/peerj.preprints.1516v1
the code clon realistic than fully artificial copies where one fied as part of a study. Language Java C Category Degree of Diff. Clone Kind Data OO-Design ... ... low medium high partial full ... ... ... Solution (fle) left right ... Benchmark re 4: Structure of the benchmark set (over Available at: https://github.com/SE-Stuttgart/clone-study
syntactic similarity. • Type-1–3 detectors will not reliability detect them. • Newer approaches, such as CCCD, improve that but not by much. Future Work • Future proposal for type-4 detectors can use categorisation and benchmarks as „todo“ list. • Probably a combination of static and dynamic analyses needed
wagnerst
joisino
hayataka88
tlyu0419
lyakaap
tagtag
konakalab
fuyu_quant0
aronwalsh
ianozsvald
melix
asymptotic_minato
nearme_tech
skipperchong
tammyeverts
bermonpainter
pauljervisheath
jnunemaker
3n
reverentgeek
iamctodd
addyosmani
jrom
eitanlees
![How problematic are these inconsistencies (and clones)? Indicating harmfulness [Lague97]:](https://files.speakerdeck.com/presentations/e1589b32d8ac4b37901933aa257c4d36/slide_15.jpg){kind=link}
!["Redundancy [in requirements specifications] causes good engineers to suffer and](https://files.speakerdeck.com/presentations/e1589b32d8ac4b37901933aa257c4d36/slide_29.jpg){kind=link}
![Modifiability generally requires a requirements specification to […] not be](https://files.speakerdeck.com/presentations/e1589b32d8ac4b37901933aa257c4d36/slide_30.jpg){kind=link}
