CeBIT: Development model predicts coding flaws

Researchers from a German university have developed a model to predict programming errors in applications.


The method has the potential to save software companies money by allowing them to isolate parts of their code that need more rigorous testing, said Kim Herzig, a researcher at the Universität des Saarlandes in Saarbrücken, who wrote his master's thesis on the project.

"We try to find which aspects of code correlate to defects in the past," Herzig said.

Software companies rarely test every single line of code in their software. Testing is expensive, and companies are under pressure to release products. But fixing bugs after a product has been released is also expensive and inconvenient for customers, Herzig said.

The model is tailored to a specific software program undergoing an upgrade. The program's version history and bug reports are analysed. The source code is also examined to find out how modules within the software interact with each other.

The model also looks at how the developers communicated with one another, examining their e-mail, instant message conversations and discussions on forums.

"We try to mine these sources and find out if there are certain patterns and behaviors of the developers that correlate with defects," Herzig said.

Researchers then use statistical analysis to build the prediction model. It does not uncover the number of defects or precisely where those defects may be in the code. Instead, the model will indicate, for example, that a section of code has a 70 percent probability of containing a defect, Herzig said.

The university's work has gained the attention of software giants SAP and Microsoft, both of which have invited researchers to test the model on their software. Since the work involves looking at source code - which is considered highly valuable intellectual property - the university's researchers went to the companies' facilities and signed non-disclosure agreements, Herzig said.

The invitations are welcome, as the model still needs fine tuning, Herzig said. Other interest has come from IBM, which gave the researchers US$25,000 to see how the model can be applied to Jazz, a project focused on building a collaboration platform for software development, he said.

"Recommended For You"

What is DevSecOps and why should your business care? Preventing the nightmare scenario: Software quality for IT projects