prevalence of confusing code in software projects
play

Prevalence of Confusing Code in Software Projects Atoms of - PDF document

Feb 16, 2023 •303 likes •809 views

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein NYU Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com 1 Hi, my name is Dan Gopstein, and today Im going to talk about

  1. Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein NYU Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com 1 Hi, my name is Dan Gopstein, and today I’m going to talk about confusing code and where it lives

  2. Atoms of Confusion in the Wild if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; 2 To give you an example of the kind of confusing code we’ll be looking at, I want to give a motivating exmaple

  3. Atoms of Confusion in the Wild Apple’s Goto Fail bug if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; 3 This code was made famous in 2014 when it allowed any IOS device to be MITM’d

  4. Atoms of Confusion in the Wild Apple’s Goto Fail bug if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; Two Atoms of Confusion: ● Assignment as Value ● Omitted Curly Brace 4 What my team and I subsequently measured was that there are two specific patterns in this buggy code that are quantifiably more confusing than other constructs in C/C++

  5. Atoms of Confusion in the Wild Apple’s Goto Fail bug if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) { { goto fail; goto fail; } Two Atoms of Confusion: ● Assignment as Value ● Omitted Curly Brace 5 Using the value of an assignment expression, and omitting the curly braces from an if-statement. While we don’t know what caused this bug, it is clear that if this code didn’t contain these patterns, the bug would not be able to exist in its current. Both of these patterns are examples of Atoms of Confusion, which I’ll introduce in more depth later.

  6. Outline Atoms of Confusion are ... ● Confusing - Both in the lab and in the wild ● Prevalent - Occurring frequently in practice ● Buggy - Causing or correlated with faults 6 But in general through this work, we’ve found that Atoms of Confusion are confusing, prevalent, and buggy. We’ll step through this findings one by one.

  7. Outline Atoms of Confusion are ... ● Confusing - Both in the lab and in the wild ● Prevalent - Occurring frequently in practice ● Buggy - Causing or correlated with faults 7 We’ll start with confusion, because this was the jumping off point for us.

  8. Atoms of Confusion Understanding Misunderstandings in Source Code D. Gopstein, J. Iannacone, Y. Yan, L. DeLong, Y. Zhuang, M. Yeh, J. Cappos ESEC/FSE 2017 8 A lot of the work described in this paper is dependent on some of the concepts my group has explored in prior work. I’ll go over the parts that are necessary to understand our current work, but if you’d like even more information, I encourage you to go back and check out our paper “Understanding Misunderstandings in Source Code” that we published at FSE last year.

  9. Confusion When a person and a machine read the same piece of code, yet come to different conclusions about its output. printf("%d",013) 13 11 9 For example, when I will talk about confusion, I’ll mean a very precise definition tailored to this type of work. Specifically, when I say confusion, I mean any time that a human believes a piece of code does something different than allowed by the language spec its defined in. Our work, so far, has mostly been focussed on C/C++, so for us, confusion happens when a programmer believes code behaves differently than C/C++ specifies it should. This definition is useful because it’s objective and quantifiable. We can literally show programmers small snippets of code, ask them what the output is, and compare that to the output from a computer and measure the rates that these programmers get the output correct.

  10. Measurable printf("%d",013) printf("%d",11) 10 And that’s what we did previously. We would take two functionally equivalent pieces of code, and ask 73 programmers to hand evaluate each of the two.

  11. Measurable printf("%d",013) printf("%d",11) 11 And nd we measured how often they got each question right or wrong

  12. Measurable printf("%d",013) printf("%d",11) 12 And from that data we were able to tell how confusing each snippet was, relative to its baseline.

  13. Precise The smallest piece of code that can cause confusion Fluff Confusing Code Confusing Code Other Stuff 13 You’ll also notice that all our examples throughout this talk are quite small. Part of the idea of our work, the reason we call them “atoms”, is because in addition to wanting to be objective and measurable, we also want to be precise. When we measure how confusing a piece of code is, we want to know exactly what language construct we’re measuring.

  14. Precise The smallest piece of code that can cause confusion Fluff Atom of Confusion Confusing Code Confusing Code Other Stuff 14 We’ll refer to this concept as an “Atom of Confusion” - The smallest piece of code that can reliably cause confusion in a programmer.

  15. Identified Atoms φ 15 In our original paper, we ended up identifying 15 patterns that were significantly more confusing than their functionally equivalent counter-part. They’re shown above next the statistical effect size we calculated for each one.

  16. Atoms of Confusion φ = .63 φ = .48 Literal Encoding Logic as Control Flow printf("%d",013) V1 && F2() φ = .33 φ = .28 Operator Precedence Pre-Increment 0 && 1 || 2 V1 = ++V2; Understanding Misunderstandings in Source Code D. Gopstein, J. Iannacone, Y. Yan, L. DeLong, Y. Zhuang, M. Yeh, J. Cappos ESEC/FSE 2017 16 To show a couple examples of the atoms of confusion and their confusingness effect size, we’ve pulled some representative examples from the first paper, they show some of the most and least confusing examples from that study.

  17. Outline Atoms of Confusion are ... ● Confusing - Both in the lab and in the wild ● Prevalent - Occurring frequently in practice ● Buggy - Causing or correlated with faults 17 Everything we’ve seen so far was presented in our paper last year. It shows experimental evidence for confusing patterns in code, but does not validate those against the state of actively maintained projects. For the rest of this talk, I’ll show how we confirmed that these atoms do exist in practice, and the interactions they have with software projects.

  18. Classifier if (x = 2) foo(); if = ; x 2 () foo 18 First we needed to be able to determine whether not a piece of code contained an atom of confusion We looked at both the lexical representation and the abstract syntax trees

  19. Classifier if (x = 2) foo(); Classifier if = ; x 2 () foo 19 And made 15 functions we call “classifiers” which identify whether a piece of code contains an atom of confusion

  20. Classifier if (x = 2) foo(); { Classifier if = Two Atoms of Confusion: ; x 2 ● Assignment as Value () ● Omitted Curly Brace foo 20 By running each of our 15 classifiers over a body of source code we’re able to find every location of every atom of confusion in a software project.

  21. Corpus 21 We collected a corpus of 14 of the largest, most popular and influential open source projects from several disparate application domains. We chose 7 typical application domains and picked to complementary projects from each domain. We collected projects that began as early as 1985 to as recently as 2007. As small as a 200k lines, to as large as 20 million. We hoped that the size and diversity of these projects would allow us to not only find atoms of confusion in the wild, but also to analyzes difference about how each type of project was programmed.

  22. How Often do Atoms Occur? 1 atom every ~12 lines 1 atom every ~44 lines 22 Perhaps the most important question we investigated was whether or not atoms of confusion actually occurred in real software. The answer to this is a definite “yes”. Here we show, for each project, the rate at which atoms of confusion occur. All of our calculations are done on the AST, and so while the numbers are very accurate, they can be difficult to interpret directly. In rough terms, we found that at most, projects like git had atoms of confusion every 12 lines, and at least one every 44 lines in projects like nginx. All of this is to say that atoms of confusion certainly do occur in practice. But which ones occur?

  23. Which Atoms Occur Most Frequently? 1 every ~51 lines 1 every ~1.6 million 23 Atoms are not homogeneous in their description, so we shouldn’t expect that they’re used with the same frequence. It turns out that they’re very much not. Some atoms, like the Reversed Subscript atom, occur only a handful of times over our entire corpus, while things like omitting curly braces from if statements and while loops are extremely common occurring almost once every 50 lines.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein NYU Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com 1 Atoms of Confusion in the Wild if ((err =

834 views • 50 slides
An Exploratory Study Into the Prevalence of Botched Code Integrations @wardmuylaert @oniroi

An Exploratory Study Into the Prevalence of Botched Code Integrations @wardmuylaert @oniroi

An Exploratory Study Into the Prevalence of Botched Code Integrations @wardmuylaert @oniroi Ward Muylaert and Coen De Roover Software Languages Lab Vrije Universiteit Brussel Brussels, Belgium Textual Conflicts function foo(x) { if (x <

829 views • 44 slides
Thinking Software Today I want to talk about the importance of software/code and why we need to

Thinking Software Today I want to talk about the importance of software/code and why we need to

Thinking Software Today I want to talk about the importance of software/code and why we need to study it: 1. Software/Code 2. The softwarization of the university Apple Siri Thinking Software 3. Knowledge in the Digital Age code and the

476 views • 14 slides
CS314 Software Engineering Clean Code Dave Matthews Clean Code: A Handbook of Agile Software

CS314 Software Engineering Clean Code Dave Matthews Clean Code: A Handbook of Agile Software

3/1/18 CS314 Software Engineering Clean Code Dave Matthews Clean Code: A Handbook of Agile Software Craftsmanship, Robert C Martin, 2009 1 3/1/18 Code Climate Maintainability complexity (cognitive or boolean logic) duplicate code

257 views • 4 slides
How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to

How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to

How Software Projects Fail Software Failures Software appears, by its nature, to be difficult to engineer on a large scale. Nevertheless, there is an insatiable demand for sizeable, well-engineered software. Dr. James A. Bednar We continue to

69 views • 6 slides
Code Coverage SWEN-261 Introduction to Software Engineering Department of Software Engineering

Code Coverage SWEN-261 Introduction to Software Engineering Department of Software Engineering

Code Coverage SWEN-261 Introduction to Software Engineering Department of Software Engineering Rochester Institute of Technology Code coverage analysis is measuring how well your unit tests exercise the production code. Code coverage

290 views • 10 slides
Code quality in Python A reasonable approach to measuring code quality in your projects Radosaw

Code quality in Python A reasonable approach to measuring code quality in your projects Radosaw

Code quality in Python A reasonable approach to measuring code quality in your projects Radosaw Ganczarek - 2019 Hi! Its me again! Radosaw Ganczarek (Rad) EuroPython 2015 (Bilbao) Reasonable approach? Made with by PGS Software Made

770 views • 34 slides
Fisheries NZ Interaction projects Projects from the last 3 years Code Title Stage Comments

Fisheries NZ Interaction projects Projects from the last 3 years Code Title Stage Comments

Fisheries NZ Interaction projects Projects from the last 3 years Code Title Stage Comments PRO2016-06 Spatially explicit risk assessment query and simulation tool Contracted Due to deliver by early 2019 PMM2018-04A Estimate spatial

142 views • 3 slides
ECE 3574: Applied Software Design Meeting 08: Building Cross-Platform Software using CMake The

ECE 3574: Applied Software Design Meeting 08: Building Cross-Platform Software using CMake The

ECE 3574: Applied Software Design Meeting 08: Building Cross-Platform Software using CMake The goal of todays meeting it to learn about building larger software projects that have multiple modules of code, unit tests, and main programs.

230 views • 9 slides
Tools for Software Projects Massimo Felici Massimo Felici Tools for Software Projects 2011

Tools for Software Projects Massimo Felici Massimo Felici Tools for Software Projects 2011

Tools for Software Projects Massimo Felici Massimo Felici Tools for Software Projects 2011 c 1 Automating Drudgery Most of the techniques we will talk about can benefit from automated tools , and some would be totally impractical

451 views • 28 slides
Code Communication SWEN-610 Foundations of Software Engineering Department of Software

Code Communication SWEN-610 Foundations of Software Engineering Department of Software

Code Communication SWEN-610 Foundations of Software Engineering Department of Software Engineering Rochester Institute of Technology How your code "reads" is critically important for the humans who will read it. Any fool can write

417 views • 9 slides
The Severity and Prevalence of Ambiguity in Software Engineering Requirements Cristina Ribeiro

The Severity and Prevalence of Ambiguity in Software Engineering Requirements Cristina Ribeiro

The Severity and Prevalence of Ambiguity in Software Engineering Requirements Cristina Ribeiro PhD Candidate University of Waterloo Overview Introduction Research Problem Proposed Solution Ambiguity Model Research Method 2 Introduction

846 views • 47 slides
Software Architecture and Design On the importance of planning Why do Projects Fail? Steve

Software Architecture and Design On the importance of planning Why do Projects Fail? Steve

Software Architecture and Design On the importance of planning Why do Projects Fail? Steve McConnell describes how small projects aren't necessarily representative of the problems you'll encounter on larger projects: People who have

638 views • 30 slides
Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper

Managing Large Code Projects 15-110 Wednesday 11/11 Learning Goals Implement helper functions in code to break up large problems into solvable subtasks Recognize the four core rules of code maintenance Use the input command and

1.07k views • 62 slides
The Impact of Code Review Coverage and Code Review Participation on Software Quality Shane

The Impact of Code Review Coverage and Code Review Participation on Software Quality Shane

The Impact of Code Review Coverage and Code Review Participation on Software Quality Shane Yasutaka Bram Ahmed E. McIntosh Kamei Adams Hassan Code reviews : An opportunity for constructive criticism of code changes Yasu Shane Bram

1.62k views • 89 slides
Monitoring Code Quality and Monitoring Code Quality and Development Activity by Software Maps

Monitoring Code Quality and Monitoring Code Quality and Development Activity by Software Maps

Monitoring Code Quality and Monitoring Code Quality and Development Activity by Software Maps by Software Maps J h Johannes Bohnet and Jrgen Dllner B h t d J Dll Hasso-Plattner-Institute for IT Systems Engineering University of

226 views • 8 slides
Print and None >>> def does_not_return_square(x): ... x * x No return ... None

Print and None >>> def does_not_return_square(x): ... x * x No return ... None

None Indicates that Nothing is Returned The special value None represents nothing in Python A function that does not explicitly return a value will return None Careful : None is not displayed by the interpreter as the value of an expression Print

398 views • 8 slides
MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Julia Kim October 20th, 2020 Warm-up

MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Julia Kim October 20th, 2020 Warm-up

MAT 137 LEC 0601 Instructor: Alessandro Malus TA: Julia Kim October 20th, 2020 Warm-up question : Suppose c is a fixed real number, f a differentiable function on R , and f = g . Are these correct? = g ( x ) + c d d f ( x ) +

256 views • 7 slides
1. Algebra 1.1 Basic Algebra 1.2 Equations and Inequalities 1.3 Systems of Equations 1.1 Basic

1. Algebra 1.1 Basic Algebra 1.2 Equations and Inequalities 1.3 Systems of Equations 1.1 Basic

1. Algebra 1.1 Basic Algebra 1.2 Equations and Inequalities 1.3 Systems of Equations 1.1 Basic Algebra 1.1.1 Algebraic Operations 1.1.2 Factoring and Expanding Polynomials 1.1.3 Introduction to Exponentials 1.1.4 Logarithms 1.1.1

992 views • 82 slides
d i E Absolute Value a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS

d i E Absolute Value a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS

Section 1.4 d i E Absolute Value a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Absolute Value 1 / 21 Absolute Value Definition The absolute

601 views • 21 slides
Recursion and Induction: Haskell; Primitive Data Types; Writing Function Definitions Greg Plaxton

Recursion and Induction: Haskell; Primitive Data Types; Writing Function Definitions Greg Plaxton

Recursion and Induction: Haskell; Primitive Data Types; Writing Function Definitions Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Haskell Functional programming

344 views • 17 slides
ATI TEAS MATH UNDERSTANDING ALGEBRAIC EQUATIONS AT ATI TEAS MAT ATH AL ALGEBRAI AIC EQU

ATI TEAS MATH UNDERSTANDING ALGEBRAIC EQUATIONS AT ATI TEAS MAT ATH AL ALGEBRAI AIC EQU

ATI TEAS MATH UNDERSTANDING ALGEBRAIC EQUATIONS AT ATI TEAS MAT ATH AL ALGEBRAI AIC EQU QUATIONS HOW TO SIMPLIFY EQUATIONS One of the easiest ways to solve algebraic equations is to combine like terms. Like terms is described as terms

341 views • 8 slides
Introduction to Programming in Haskell Chalmers & GU Koen Lindstrm Claessen Programming

Introduction to Programming in Haskell Chalmers & GU Koen Lindstrm Claessen Programming

Introduction to Programming in Haskell Chalmers & GU Koen Lindstrm Claessen Programming Exciting subject at the heart of computing Never programmed? Learn to make the computer obey you! Programmed before? Lucky

1.26k views • 58 slides
7th Grade The Number System & Mathematical Operations 2015-08-31 www.njctl.org Slide 3 /

7th Grade The Number System & Mathematical Operations 2015-08-31 www.njctl.org Slide 3 /

Slide 1 / 262 Slide 2 / 262 7th Grade The Number System & Mathematical Operations 2015-08-31 www.njctl.org Slide 3 / 262 Slide 4 / 262 Table of Contents Natural Numbers and Whole Numbers Addition, Subtraction and Integers Addition

715 views • 44 slides

More recommend