Deviance from perfection is a better criterion than closeness to evil when identifying risky code

We propose an approach for the automatic detection of potential design defects in code. The detection is based on the notion that the more code deviates from good practices, the more likely it is bad. Taking inspiration from artificial immune systems, we generated a set of detectors that characterize different ways that code can diverge from good practices. We then used these detectors to measure how far code in assessed systems deviates from normality. We evaluated our approach by finding potential defects in two open-source systems (Xerces-J and Gantt). We used the library JHotDraw as the code base representing good design/programming practices. In both systems, we found that 90% of the riskiest classes were defects, a precision far superior to that of state-of-the-art rule-based approaches.
