Automatic clustering of code changes

Kreutzer, Patrick; Dotzler, Georg; Ring, Matthias; Eskofier, Bjoern M.; Philippsen, Michæl

doi:10.1145/2901739.2901749

Cited by 30 publications

(14 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Long et al [51], in contrast with the previously mentioned studies, use machine learning to model correct code and generate generic defects fixes, but do not focus on propagating existing patches as we do in this study. Similar to what we do in this work, Kreutzer et al [43] use AST differencing on changes to extract metrics to help cluster the changes by similarity.…”

Section: Related Workmentioning

confidence: 92%

SPIDER: Enabling Fast Patch Propagation In Related Software Repositories

Machiry

Redini

Camellini

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Despite the effort of software maintainers, patches to open-source repositories are propagated from the main codebase to all the related projects (e.g., forks) with a significant delay. Previous work shows that this is true also for security patches, which represents a critical problem. Vulnerability databases, such as the CVE database, were born to speed-up the application of critical patches; however, patches associated with CVE entries (i.e., CVE patches) are still applied with a delay, and some security fixes lack the corresponding CVE entries. Because of this, project maintainers could miss security patches when upgrading software.In this paper, we are the first to define safe patches (sps). An sp is a patch that does not disrupt the intended functionality of the program (on valid inputs), meaning that it can be applied with no testing; we argue that most security fixes fall into this category. Furthermore, we show a technique to identify sps, and implement SPIDER 1 , a tool based on such a technique that works by analyzing the source code of the original and patched versions of a file. We performed a large-scale evaluation on 341,767 patches from 32 large and popular source code repositories as well as on 809 CVE patches. Results show that SPIDER was able to identify 67,408 sps and that most of the CVE patches are sps. In addition, SPIDER identified 2,278 patches that fix vulnerabilities lacking a CVE; 229 of these are still unpatched in different vendor kernels, which can be considered as potential unfixed vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 92%

SPIDER: Enabling Fast Patch Propagation In Related Software Repositories

Machiry

Redini

Camellini

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…The most closely related work, where change data is mined, is that of Negera et. al [21] and [22] Kreutzer et. al.…”

Section: Related Workmentioning

confidence: 98%

Mining Change Histories for Unknown Systematic Edits

Molderez

Stevens

Roover

2017

2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

“…To evaluate the quality of the automatic resolution provided by Almost Rerere, it was necessary to know the actual resolutions committed by developers and use them as ground-truth. In [16], nine data sets based on Git repositories from active Java open-source projects were created by extracting all the differences between the sequential commits to the master branch. From six such repositories, we extracted all the single-line changes and used them as conflicts resolved by developers.…”

Section: Large Project Repositoriesmentioning

confidence: 99%

Almost Rerere: An Approach for Automating Conflict Resolution from Similar Resolved Conflicts

Fraternali

Gonzalez

Tariq

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Concurrent development requires the ability of reconciling conflicting updates to the code made independently. A specific case occurs when long living feature branches are integrated to a rapid changing code base. In this scenario, every integration test will require to manually resolve the same conflicts at every iteration. In this paper we propose a framework for automating the detection and resolution of conflicts in the code updated by distinct developers, one of which may be a code generator. The tool learns how to solve conflicts from past experience and applies resolutions, encoded as replacement regular expressions, to conflicts not seen before. Experiments show that the number of automatically resolved conflicts and the quality of the solution increase as the system acquires experience.

show abstract

Automatic clustering of code changes

Cited by 30 publications

References 57 publications

SPIDER: Enabling Fast Patch Propagation In Related Software Repositories

SPIDER: Enabling Fast Patch Propagation In Related Software Repositories

Mining Change Histories for Unknown Systematic Edits

Almost Rerere: An Approach for Automating Conflict Resolution from Similar Resolved Conflicts

Contact Info

Product

Resources

About