A Predictive Method to Swat Buggy Software

Primary Investigator: Dr. Jianwei Niu, The University of Texas at San Antonio

Buggy software costs money, wastes time and can cause errors that are sometimes fatal. A team at the University of Texas at San Antonio is working on a program that can tell whether a software program is likely to be glitchy.

Jianwei Niu, professor of computer science; associate professor Xiaoyin Wang; and assistant professor of practice Rocky Slavin are developing what they call a pattern-based measurement model for improving software reliability.

They are using FindBugs and SpotBugs, which are open-source code analyzers, to first find the bugs in software. They then analyze the patterns of the bugs they find to create a computer model that will predict a program’s overall bugginess.

“We are trying to quantify the vulnerability, the risk. In order to do that, we developed this framework from existing tools to help us,” Slavin said.

“If you give us a new piece of software we will let you know whether it has vulnerabilities and how serious these could be,” added Niu.

It’s possible to do this now, but it is tedious. “Currently, finding the correlation between buggy-code patterns and reliability aspects is a manual process,” the team wrote in a summary of their work.

Having reliable software is especially important for the military, they said. “Various software systems have been employed by warfighters to acquire, process, and communicate information on the battlefield,” they wrote. It needs to be reliable. And it needs to be able to handle additions to the software. “When a new component is added, the defects in software may increase,” the UTSA team pointed out.

Niu’s team got two-thirds of the way through designing the program with an MSRDC research grant. “With more funding we will automate the whole framework,” she said.

It would be simple to use, just some software downloaded onto a computer or smartphone, Slavin said.

“In its final form it would be a program you install on your device. Then you would install the software you want to measure.” The program would deliver a score predicting potential bugginess, he said. “It’s up to the end user what level of risk they are comfortable with,” he added.