Visible to the public Source File Set Search for Clone-and-Own Reuse Analysis

TitleSource File Set Search for Clone-and-Own Reuse Analysis
Publication TypeConference Paper
Year of Publication2017
AuthorsIshio, T., Sakaguchi, Y., Ito, K., Inoue, K.
Conference Name2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR)
Date Publishedmay
KeywordsAndroid (operating system), Android source code, b-bit minwise hashing technique, clone-and-own reuse analysis, Cloning, component extraction, cryptography, data mining, Debian GNU package, Debian Linux package, directory names, efficient file similarity computation, file clone detection, Firefox source code, Information Reuse, origin analysis, pubcrawl, Resiliency, security, security vulnerabilities, SHA-1 file hash, Software, software ecosystem, software packages, software reusability, Software reuse, source code (software), source code repositories, source code reuse, source code search, source file set search, source files, version control system
AbstractClone-and-own approach is a natural way of source code reuse for software developers. To assess how known bugs and security vulnerabilities of a cloned component affect an application, developers and security analysts need to identify an original version of the component and understand how the cloned component is different from the original one. Although developers may record the original version information in a version control system and/or directory names, such information is often either unavailable or incomplete. In this research, we propose a code search method that takes as input a set of source files and extracts all the components including similar files from a software ecosystem (i.e., a collection of existing versions of software packages). Our method employs an efficient file similarity computation using b-bit minwise hashing technique. We use an aggregated file similarity for ranking components. To evaluate the effectiveness of this tool, we analyzed 75 cloned components in Firefox and Android source code. The tool took about two hours to report the original components from 10 million files in Debian GNU/Linux packages. Recall of the top-five components in the extracted lists is 0.907, while recall of a baseline using SHA-1 file hash is 0.773, according to the ground truth recorded in the source code repositories.
DOI10.1109/MSR.2017.19
Citation Keyishio_source_2017