Extracting a unified directory tree to compare similar software products

Sakaguchi, Yusuke; Ishio, Takashi; Kanda, Takahiro; Inoue, Katsuro

doi:10.1109/vissoft.2015.7332430

Cited by 2 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Duszynski [27] proposed a code comparison tool to analyze source code commonalities from a number of similar product variants. Sakaguchi et al [28] also proposed a code comparison tool that visualizes a unified directory tree for source files of several products. Fischer et al [29] proposed to extract common components from existing product variants and compose a new product.…”

Section: A Code Clone Detectionmentioning

confidence: 99%

Source File Set Search for Clone-and-Own Reuse Analysis

Ishio

Sakaguchi

Ito

et al. 2017

2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR)

Self Cite

View full text Add to dashboard Cite

Clone-and-own approach is a natural way of source code reuse for software developers. To assess how known bugs and security vulnerabilities of a cloned component affect an application, developers and security analysts need to identify an original version of the component and understand how the cloned component is different from the original one. Although developers may record the original version information in a version control system and/or directory names, such information is often either unavailable or incomplete. In this research, we propose a code search method that takes as input a set of source files and extracts all the components including similar files from a software ecosystem (i.e., a collection of existing versions of software packages). Our method employs an efficient file similarity computation using b-bit minwise hashing technique. We use an aggregated file similarity for ranking components. To evaluate the effectiveness of this tool, we analyzed 75 cloned components in Firefox and Android source code. The tool took about two hours to report the original components from 10 million files in Debian GNU/Linux packages. Recall of the topfive components in the extracted lists is 0.907, while recall of a baseline using SHA-1 file hash is 0.773, according to the ground truth recorded in the source code repositories.

show abstract

Section: A Code Clone Detectionmentioning

confidence: 99%