hatari: raising risk awareness
DESCRIPTION
Demonstrated at ESEC/FSE 2005.TRANSCRIPT
HATARIRaising Risk Awareness
Movie withJohn Wayne
(1962)
Swahili for “Danger”
Jacek Sliwerski, Thomas Zimmermann, and Andreas ZellerSaarland University
What is Risk?
resolveClasspath()/* (non-Javadoc) * @see org.eclipse.jdt.launching.IRuntimeClasspathProvider#resolveClasspath * (org.eclipse.jdt.launching.IRuntimeClasspathEntry[], org.eclipse.debug.core.ILaunchConfiguration) */public IRuntimeClasspathEntry[] resolveClasspath(IRuntimeClasspathEntry[] entries, ILaunchConfiguration configuration) throws CoreException { List all = new ArrayList(entries.length); for (int i = 0; i < entries.length; i++) { switch (entries[i].getType()) { case IRuntimeClasspathEntry.PROJECT: // a project resolves to itself for source lookup (rather than the class file output locations) all.add(entries[i]); break; case IRuntimeClasspathEntry.OTHER: IRuntimeClasspathEntry2 entry = (IRuntimeClasspathEntry2)entries[i]; if (entry.getTypeId().equals(DefaultProjectClasspathEntry.TYPE_ID)) { // add the resolved children of the project IRuntimeClasspathEntry[] children = entry.getRuntimeClasspathEntries(configuration); IRuntimeClasspathEntry[] res = JavaRuntime.resolveSourceLookupPath(children, configuration); for (int j = 0; j < res.length; j++) { all.add(res[j]); } } break; default: IRuntimeClasspathEntry[] resolved =JavaRuntime.resolveRuntimeClasspathEntry(entries[i], configuration); for (int j = 0; j < resolved.length; j++) { all.add(resolved[j]); } break; } } return (IRuntimeClasspathEntry[])all.toArray(new IRuntimeClasspathEntry[all.size()]);}
9 changes,all of them fixes
8 fix-inducing changesone re-implementation
Fix-Inducing Changes
Fix-Inducing Changes areChanges that lead to problems as indicated by later fixes.
Example:...if (foo==null) { foo.bar();
FIX-INDUCING
...if (foo!=null) { foo.bar();
FIX
Later:
Locate Fix-Inducing ChangesHow to
$ cvs annotate -r 1.17 Foo.java ...19: 1.11 (john 12-Feb-03): public int a() {20: 1.11 (john 12-Feb-03): return i/0; ...39: 1.10 (mary 12-Jan-03): public int b() {40: 1.14 (kate 23-May-03): return 42; ...59: 1.10 (mary 17-Jan-03): public void c() {60: 1.16 (mary 10-Jun-03): int i=0;
$ cvs annotate -r 1.17 Foo.java
Locate Fix-Inducing ChangesHow to
1.18
Fixed Bug
42233
Changed:
a() b() c()
20 40 60line
Locate Fix-Inducing Changes $ cvs annotate -r 1.17 Foo.java
20: 1.11 (john 12-Feb-03): return i/0;40: 1.14 (kate 23-May-03): return 42;60: 1.16 (mary 10-Jun-03): int i=0;
How to
1.11 1.161.14
a() was
changed
c() was
changed
b() was
changed
1.18
Fixed Bug
42233
Changed:
a() b() c()FIX-INDUCING FIX-INDUCINGFIX-INDUCING
1.11 1.161.14
a() was
changed
c() was
changed
b() was
changed
1.18
Fixed Bug
42233
Changed:
a() b() c()
Bug 42233 was reported. closed.
1.11
a() was
changed
Locate Fix-Inducing Changes $ cvs annotate -r 1.17 Foo.java
20: 1.11 (john 12-Feb-03): return i/0;40: 1.14 (kate 23-May-03): return 42;60: 1.16 (mary 10-Jun-03): int i=0;
How to
FIX-INDUCING FIX-INDUCINGFIX-INDUCING
REMOVE FALSE POSITIVES
A Measure for Risk
risk(L) is the (past) risk for a location L
risk(L) = # Fix-Inducing Changes to L
# Changes to L
“BAD” Changes
based on Fix-Inducing Changes
How to Predict Future Risk
0
0.1
0.2
0.3
0.4
0.5
0 1 2 3 4 5 6 7 8 9 10
Number of upcoming changes
Correlation
How to Predict Future Risk
0
0.1
0.2
0.3
0.4
0.5
0 1 2 3 4 5 6 7 8 9 10
McCabe Cyclomatic Complexity
Number of upcoming changes
Correlation
How to Predict Future Risk
0
0.1
0.2
0.3
0.4
0.5
0 1 2 3 4 5 6 7 8 9 10
Nested Block DepthMcCabe Cyclomatic Complexity
Number of upcoming changes
Correlation
How to Predict Future Risk
0
0.1
0.2
0.3
0.4
0.5
0 1 2 3 4 5 6 7 8 9 10
Past RiskNested Block DepthMcCabe Cyclomatic Complexity
Number of upcoming changes
Correlation
Demo: HATARI
HATARI: Risky Locations
LocationPast Risk Values
Granularities
HATARI: Annotations
“Safe” Location(green)
Risky Location(dark red)
HATARI: Risk HistoryBug, fix, or both?
Bug information
Change information
Conclusion
Fix-inducing changes are a measure for (past) risk.
HATARI makes risk visible for developers.
HATARI will be open source (Nov 1)http://www.st.cs.uni-sb.de/softevo/