
Study finds auto-fix tool gets more programmers to upgrade code

October 16, 2017

Failure to apply necessary upgrades to software code can have dire consequences, such as the major data breach at Equifax. A recent study finds that automated fix tools are an effective way to get programmers to make those upgrades - provided the programmers opt to use them.

"Most software programs rely, in part, on code in external 'libraries' to perform some of their functions," says Chris Parnin, an assistant professor of computer science at North Carolina State University and senior author of a paper on the work. "If those external libraries are modified to address flaws, programmers need to update their internal code to account for the changes. This is called 'upgrading an out-of-date dependency.' However, for various reasons, many programmers procrastinate, putting off the needed upgrades.

"This is what happened at Equifax," Parnin says. "An external library they relied on had made public that it contained a security flaw. And while the external library was patched, Equifax never got around to updating its internal code. So months after the problem was identified, Equifax was still vulnerable and got hacked.

"Our goal with this project was to assess tools designed to get more programmers to upgrade their out-of-date dependencies. Could they help prevent another Equifax?"

For this study, the researchers looked at thousands of open-source projects on GitHub, an online programming community that fosters collaboration on open-source software projects. Specifically, the researchers looked at different means projects used to incentivize or facilitate upgrades and whether those incentives made any difference.

One group consisted of 2,578 projects that used automated pull requests, which notified project owners of out-of-date dependencies, proposed the code changes needed to upgrade them, and ran a small battery of tests to determine whether the updated code was viable. Project owners were still required to approve the changes, or to modify the updated code if it failed the initial viability tests.
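A minimal model of what such an automated pull request does, written as an added example for this page rather than taken from the study or from any particular bot: it parses a pinned requirements file, compares each pin against a package index, rewrites the stale pins and emits the patch a maintainer would be asked to approve. The requirements text and the index of "latest" versions are constructed stand-ins for a real project file and registry, and all function names are the example's own. It also shows why version comparison must be numeric rather than lexical, since a plain string compare ranks "1.9.0" above "1.10.0".

```python
"""Model of an automated dependency-upgrade pull request (added example)."""
import difflib
import re

# Constructed stand-in for a package registry's "latest version" lookup.
LATEST_VERSIONS = {
    "requests": "2.18.4",
    "flask": "0.12.2",
    "pyyaml": "3.12",
    "django": "1.11.6",
}

# Constructed requirements file as a project might pin it.
REQUIREMENTS = """\
requests==2.9.1
flask==0.12.2
pyyaml==3.11
django==1.10.8
"""

# Matches exact pins of the form "name==version"; other specifiers are ignored.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*$")


def parse_version(version):
    """Turn '1.10.0' into (1, 10, 0) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_requirements(text):
    """Return {package_name: pinned_version} for every exact pin in the file."""
    pins = {}
    for line in text.splitlines():
        match = PIN_RE.match(line)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def find_outdated(pins, index):
    """Return {name: (pinned, latest)} for every pin that lags the index."""
    outdated = {}
    for name, pinned in pins.items():
        latest = index.get(name)
        if latest and parse_version(latest) > parse_version(pinned):
            outdated[name] = (pinned, latest)
    return outdated


def propose_upgrade(text, outdated):
    """Rewrite stale pins and return (new_text, unified_diff) for the PR."""
    new_lines = []
    for line in text.splitlines():
        match = PIN_RE.match(line)
        if match and match.group(1).lower() in outdated:
            line = f"{match.group(1)}=={outdated[match.group(1).lower()][1]}"
        new_lines.append(line)
    new_text = "\n".join(new_lines) + "\n"
    diff = "".join(difflib.unified_diff(
        text.splitlines(keepends=True), new_text.splitlines(keepends=True),
        fromfile="a/requirements.txt", tofile="b/requirements.txt"))
    return new_text, diff


def verify_upgrade(new_text, index):
    """Viability check: re-parse the proposed file and confirm nothing lags."""
    return find_outdated(parse_requirements(new_text), index) == {}


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS)
    stale = find_outdated(pins, LATEST_VERSIONS)
    for name, (old, new) in stale.items():
        print(f"{name}: {old} -> {new}")
    proposed, patch = propose_upgrade(REQUIREMENTS, stale)
    print(patch)
    print("viable:", verify_upgrade(proposed, LATEST_VERSIONS))
```

A real bot would replace the constructed index with a registry query and the viability check with the project's own test suite; the shape of the workflow (detect, rewrite, diff, verify, wait for a human to merge) is the same.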

A second group consisted of 1,273 projects that used no incentives to upgrade out-of-date dependencies.

The researchers found that projects with automated pull requests made 60 percent more of the necessary upgrades than projects that didn't use incentives.

"We also found that the majority of automated pull request projects were using the most up-to-date versions of dependent software, whereas the unincentivized projects were all over the map," Parnin says. "The take-home message here is that we have automated tools that can help programmers keep up with upgrades. These tools can't replace good programmers, but they can make a significant difference. However, it's still up to programmers to put these tools in place and make use of them."
The paper, "Can Automated Pull Requests Encourage Software Developers to Upgrade Out-of-Date Dependencies?", will be presented at the IEEE/ACM International Conference on Automated Software Engineering, Oct. 30-Nov. 3 at the University of Illinois at Urbana-Champaign, Ill. Lead author of the paper is Samim Mirhosseini, an undergraduate at NC State. Mirhosseini's work on the project was supported by a Research Experience for Undergraduates grant from the National Science Foundation.

North Carolina State University
