Software errors are a major cause of system failures. Effectively designing tools and support for detecting and recovering from software failures requires a deep understanding of bug characteristics. Recently, software and its development process have changed significantly in many ways, including more help from bug detection tools, a shift towards multi-threading architecture, the open-source development paradigm, and increasing concerns about security and user-friendly interfaces. Therefore, results from previous studies may not be applicable to present software. Furthermore, many new aspects such as security, concurrency and open-source-related characteristics have not been well studied. Additionally, previous studies were based on a small number of bugs, which may lead to non-representative results.

To investigate the impacts of the new factors on software errors, we analyze bug characteristics by first sampling hundreds of real-world bugs in two large, representative open-source projects. To validate the representativeness of our results, we use natural language text classification techniques and automatically analyze around 29,000 bugs from the Bugzilla databases of the software.

Our study has discovered several new interesting characteristics: (1) memory-related bugs have decreased because quite a few effective detection tools became available recently; (2) surprisingly, some simple memory-related bugs such as NULL pointer dereferences that should have been detected by existing tools in development are still a major component, which indicates that the tools have not been used to their full capacity; (3) semantic bugs are the dominant root causes, as they are application specific and difficult to fix, which suggests that more effort should be put into detecting and fixing them; (4) security bugs are increasing, and the majority of them cause severe impacts.