How Long Does a Bug Survive? An Empirical Study

Corrective maintenance activities (bug fixing) can be performed a long time after a bug introduction, or shortly after it. Such a time interval, i.e., the bug survival time, may depend on many factors, e.g., the bug severity/harmfulness, but also on how likely does the bug manifest itself and how difficult was to fix it. This paper proposes the use of survival analysis aimed at determining the relationship between the risk of not fixing a bug within a given time frame and specific source code constructs-e.g., expression operators or programming language constructs-changed when fixing the bug. We estimate the survival time by extracting, from versioning repositories, changes introducing and fixing bugs, and then correlate such a time-by means of survival models-with the constructs changed during bug-fixing. Results of a study performed on data extracted from the versioning repository of four open source projects-Eclipse, Mozilla, Open LDAP, and Vuze-indicate that long-lived bugs can be characterized by changes to specific code constructs.

[1]  E. Kaplan,et al.  Nonparametric Estimation from Incomplete Observations , 1958 .

[2]  A. Wood,et al.  Predicting Software Reliability , 1996, Computer.

[3]  Mary Shaw,et al.  Empirical evaluation of defect projection models for widely-deployed production software systems , 2004, SIGSOFT '04/FSE-12.

[4]  D. Kleinbaum,et al.  Survival Analysis: A Self-Learning Text. , 1996 .

[5]  Sunghun Kim,et al.  How long did it take to fix bugs? , 2006, MSR '06.

[6]  Wendell D. Jones,et al.  Reliability models for very large software systems in industry , 1991, Proceedings. 1991 International Symposium on Software Reliability Engineering.

[7]  Peter Göhner,et al.  Mining software code repositories and bug databases using survival analysis models , 2008, ESEM '08.

[8]  Giuliano Antoniol,et al.  Maintenance and testing effort modeled by linear and nonlinear dynamic systems , 2001, Inf. Softw. Technol..

[9]  Audris Mockus,et al.  Understanding and predicting effort in software projects , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[10]  Andreas Zeller,et al.  How Long Will It Take to Fix This Bug? , 2007, Fourth International Workshop on Mining Software Repositories (MSR'07:ICSE Workshops 2007).

[11]  Andreas Zeller,et al.  Mining version histories to guide software changes , 2005, Proceedings. 26th International Conference on Software Engineering.

[12]  Harald C. Gall,et al.  Populating a Release History Database from version control and bug tracking systems , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..

[13]  Tibor Gyimóthy,et al.  Empirical validation of object-oriented metrics on open source software for fault prediction , 2005, IEEE Transactions on Software Engineering.

[14]  D. Cox Regression Models and Life-Tables , 1972 .

[15]  H. Akaike A new look at the statistical model identification , 1974 .

[16]  Thomas Zimmermann,et al.  Automatic Identification of Bug-Introducing Changes , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[17]  Michael D. Ernst,et al.  Which warnings should I fix first? , 2007, ESEC-FSE '07.

[18]  Yi Zhang,et al.  Classifying Software Changes: Clean or Buggy? , 2008, IEEE Transactions on Software Engineering.

[19]  D.,et al.  Regression Models and Life-Tables , 2022 .

[20]  Lerina Aversano,et al.  The life and death of statically detected vulnerabilities: An empirical study , 2009, Inf. Softw. Technol..