Prevalence of Confusing Code in Software Projects Atoms of - - PowerPoint PPT Presentation

Prevalence of Confusing Code in Software Projects

Atoms of Confusion in the Wild

Dan Gopstein NYU

Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com

1

Atoms of Confusion in the Wild

2

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail;

Atoms of Confusion in the Wild

3

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail;

Apple’s Goto Fail bug

Atoms of Confusion in the Wild

4

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail;

Apple’s Goto Fail bug

Two Atoms of Confusion:

• Assignment as Value
• Omitted Curly Brace

Atoms of Confusion in the Wild

5

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) { goto fail; goto fail;

Apple’s Goto Fail bug

{ }

Two Atoms of Confusion:

• Assignment as Value
• Omitted Curly Brace

Outline

6

Atoms of Confusion are ...

• Confusing - Both in the lab and in the wild
• Prevalent - Occurring frequently in practice
• Buggy - Causing or correlated with faults

Outline

7

Atoms of Confusion are ...

• Confusing - Both in the lab and in the wild
• Prevalent - Occurring frequently in practice
• Buggy - Causing or correlated with faults

Atoms of Confusion

8

Understanding Misunderstandings in Source Code

• D. Gopstein, J. Iannacone, Y. Yan, L. DeLong,
• Y. Zhuang, M. Yeh, J. Cappos

ESEC/FSE 2017

printf("%d",013) Confusion

13 11

When a person and a machine read the same piece of code, yet come to different conclusions about its output.

9

Measurable printf("%d",013)

10

printf("%d",11)

Measurable

11

printf("%d",013) printf("%d",11)

Measurable

12

printf("%d",013) printf("%d",11)

Precise

The smallest piece of code that can cause confusion

Other Stuff Fluff Confusing Code Confusing Code

13

Precise

The smallest piece of code that can cause confusion

Other Stuff Fluff Confusing Code Confusing Code

Atom of Confusion

14

Identified Atoms

15

φ

Atoms of Confusion

16

Understanding Misunderstandings in Source Code

• D. Gopstein, J. Iannacone, Y. Yan, L. DeLong, Y. Zhuang, M. Yeh, J.

Cappos ESEC/FSE 2017

V1 && F2()

Logic as Control Flow

V1 = ++V2;

Pre-Increment

printf("%d",013)

Literal Encoding

0 && 1 || 2

Operator Precedence φ = .63 φ = .48 φ = .28 φ = .33

Outline

17

Atoms of Confusion are ...

• Confusing - Both in the lab and in the wild
• Prevalent - Occurring frequently in practice
• Buggy - Causing or correlated with faults

Classifier

18

if = x 2 foo () ; if (x = 2) foo();

Classifier

19

if = x 2 foo () ; if (x = 2) foo(); Classifier

Classifier

20

if = x 2 foo () ; if (x = 2) foo(); Classifier Two Atoms of Confusion:

• Assignment as Value
• Omitted Curly Brace

{

Corpus

21

How Often do Atoms Occur?

1 atom every ~12 lines 1 atom every ~44 lines

22

Which Atoms Occur Most Frequently?

1 every ~51 lines 1 every ~1.6 million

23

Are Confusing Patterns Less Common?

24

φ

Prevalent

ulpmc->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | is_t4(sc) ? F_ULP_MEMIO_ORDER : F_T5_ULP_MEMIO_IMM);

25

https://github.com/freebsd/freebsd/blob/3c60e22da7d4460db7adb2b916f55e22b7d60e26/sys/dev/cxgbe/tom/t4_ddp.c#L766

Prevalent

ulpmc->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | is_t4(sc) ? F_ULP_MEMIO_ORDER : F_T5_ULP_MEMIO_IMM);

Contains:

• Operator Precedence
• Conditional Operator
• Implicit Predicate

26

https://github.com/freebsd/freebsd/blob/3c60e22da7d4460db7adb2b916f55e22b7d60e26/sys/dev/cxgbe/tom/t4_ddp.c#L766

Prevalent

ulpmc->cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE) | is_t4(sc) ? F_ULP_MEMIO_ORDER : F_T5_ULP_MEMIO_IMM);

Contains:

• Operator Precedence
• Conditional Operator
• Implicit Predicate

27

https://github.com/freebsd/freebsd/blob/3c60e22da7d4460db7adb2b916f55e22b7d60e26/sys/dev/cxgbe/tom/t4_ddp.c#L766

Outline

28

Atoms of Confusion are ...

• Confusing - Both in the lab and in the wild
• Prevalent - Occurring frequently in practice
• Buggy - Causing or correlated with faults

Are Atoms Removed More In Bug Fix Commits?

29

Are Atoms Commented More Often?

30

Are Atoms Commented More Often?

31

1.00

Buggy

32

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x))

Buggy

33

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => ???

Buggy

34

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1

Buggy

35

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1 ABS(-2) => ???

Buggy

36

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1 ABS(-2) => 2

Buggy

37

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1 ABS(-2) => 2 ABS(1-2) => ???

Buggy

38

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1 ABS(-2) => 2 ABS(1-2) => 1

Buggy

39

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1) => 1 ABS(-2) => 2 ABS(1-2) => 1 -3

X

Buggy

40

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2)

Buggy

41

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) (( x ) < 0 ? (- x ) : ( x ))

Buggy

42

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) (( x ) < 0 ? (- x ) : ( x ))

Buggy

43

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) ((1-2) < 0 ? (-1-2) : (1-2))

Buggy

44

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) ((1-2) < 0 ? (-1-2) : (1-2))

Buggy

45

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) ((1-2) < 0 ? (-1-2) : (1-2))

• 3

Buggy

46

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x)) ABS(1-2) ((1-2) < 0 ? (-1-2) : (1-2))

• 3

Buggy

47

https://github.com/torvalds/linux/commit/7aa92c4229fefff0cab6930cf977f4a0e3e606d8

#define ABS(x) ((x) < 0 ? (-x) : (x))

Macro Operator Precedence

Buggy

48

Summary

49

Atoms of Confusion are ...

• Confusing

○ Atoms are statistically more confusing than other code in the lab ○ Atoms are 13% more likely to be commented than other code

• Prevalent

○ We found millions of examples in our corpus ○ 1 in ~23 lines of code has an atom

• Buggy

○ Bug-fix commits are 25% more likely remove atoms ○ We found and fixed a handful of bugs in Linux

Prevalence of Confusing Code in Software Projects

Atoms of Confusion in the Wild

Dan Gopstein NYU

Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com

Thank You

50