Bisection (software engineering)

Last updated August 04, 2022

Bisection is a method used in software development to identify the changesets that cause a specific change in behavior. It is mostly used to find the patch that introduced a bug. It can also be used to find the patch that indirectly fixed a bug.

Overview

The process of locating the changeset that introduced a specific regression was described as "source change isolation" in 1997 by Brian Ness and Viet Ngo of Cray Research. Regression testing was performed on Cray's compilers in editions comprising one or more changesets. Editions with known regressions could not be validated until developers addressed the problem. Source change isolation narrowed the cause to a single changeset that could then be excluded from editions, unblocking them with respect to this problem, while the author of the change worked on a fix. Ness and Ngo outlined linear search and binary search methods of performing this isolation.^[1]

Code bisection aims to minimize the effort needed to find a specific changeset. It employs a divide-and-conquer algorithm that depends on access to the code history, which is usually preserved by revision control in a code repository.

Bisection method

Code bisection algorithm

Code history has the structure of a directed acyclic graph which can be topologically sorted. This makes it possible to use a divide and conquer search algorithm which:

1. splits up the search space of candidate revisions,
2. tests for the behavior in question,
3. reduces the search space depending on the test result, and
4. repeats the steps above until a range with at most one bisectable patch candidate remains.
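The steps above can be sketched in Python. This is a minimal illustration, not the implementation used by any particular tool. It assumes the history has already been linearized into a sequence, that the first revision is known to be good and the last is known to be bad, and that the behavior changes exactly once in between. The names `bisect_first_bad` and `is_bad` are hypothetical.

```python
from typing import Callable, Sequence, TypeVar

Rev = TypeVar("Rev")


def bisect_first_bad(revisions: Sequence[Rev], is_bad: Callable[[Rev], bool]) -> Rev:
    """Return the first bad revision of a linearized history.

    Assumptions (not checked here): revisions[0] is good, revisions[-1] is
    bad, and the behavior changes exactly once in between.
    """
    if len(revisions) < 2:
        raise ValueError("need at least one good and one bad revision")
    good, bad = 0, len(revisions) - 1    # indices of known-good / known-bad
    while bad - good > 1:                # more than one candidate remains
        mid = (good + bad) // 2          # split the search space
        if is_bad(revisions[mid]):       # test for the behavior in question
            bad = mid                    # culprit is at or before mid
        else:
            good = mid                   # culprit is after mid
    return revisions[bad]


# Usage with a made-up history in which the bug first appears in "r5".
history = [f"r{i}" for i in range(8)]
culprit = bisect_first_bad(history, lambda rev: int(rev[1:]) >= 5)
print(culprit)  # r5
```

The loop keeps one known-good and one known-bad index at all times, so the revision it returns is always bad and always has a good predecessor.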

Algorithmic complexity

Bisection is in LSPACE and has an algorithmic complexity of $O(\log N)$, where $N$ denotes the number of revisions in the search space. As in a binary search, each test roughly halves the number of remaining candidates.
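To make the logarithmic bound concrete, the following sketch counts how many tests a simple midpoint bisection performs. It assumes $N$ candidate revisions numbered 1 to $N$, a known-good baseline at index 0, and a single change in behavior. The helper names are hypothetical.

```python
def count_tests(n_candidates: int, first_bad: int) -> int:
    """Count the tests needed to locate first_bad among candidates 1..n_candidates.

    Index 0 is the known-good baseline; index n_candidates is known bad.
    """
    good, bad, tests = 0, n_candidates, 0
    while bad - good > 1:
        mid = (good + bad) // 2
        tests += 1                   # one build-and-test cycle
        if mid >= first_bad:         # revision mid already shows the bug
            bad = mid
        else:
            good = mid
    return tests


def worst_case_tests(n_candidates: int) -> int:
    """Largest test count over every possible position of the culprit."""
    return max(count_tests(n_candidates, k) for k in range(1, n_candidates + 1))


n = 1000
# (n - 1).bit_length() equals ceil(log2(n)) for n >= 1.
print(worst_case_tests(n), (n - 1).bit_length())  # 10 10
```

Under these assumptions, 1000 candidate revisions need at most 10 tests, compared with up to 999 for a linear search from the good end.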

Desirable repository properties

For code bisection it is desirable that each revision in the search space can be built and tested independently.

Monotonicity

For the bisection algorithm to identify a single changeset which caused the behavior being tested to change, the behavior must change monotonically across the search space. For a Boolean function such as a pass/fail test, this means that it only changes once across all changesets between the start and end of the search space.

If there are multiple changesets across the search space where the behavior being tested changes between false and true, then the bisection algorithm will find one of them, but it will not necessarily be the root cause of the change in behavior between the start and the end of the search space. The root cause could be a different changeset, or a combination of two or more changesets across the search space. To help deal with this problem, automated tools allow specific changesets to be ignored during a bisection search.
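The effect of a non-monotonic history can be illustrated with a small sketch. The outcome lists below are made-up data, where `True` means the revision shows the bad behavior, and the function names are hypothetical.

```python
from typing import List


def bisect_index(outcomes: List[bool]) -> int:
    """Index reported by midpoint bisection.

    Requires outcomes[0] to be False (good) and outcomes[-1] to be True (bad).
    """
    good, bad = 0, len(outcomes) - 1
    while bad - good > 1:
        mid = (good + bad) // 2
        if outcomes[mid]:
            bad = mid
        else:
            good = mid
    return bad


def transitions(outcomes: List[bool]) -> List[int]:
    """All indices where the behavior flips from good to bad."""
    return [i for i in range(1, len(outcomes)) if outcomes[i] and not outcomes[i - 1]]


# Behavior changes once: bisection reports the only transition.
monotonic = [False, False, False, True, True, True, True, True, True]
# Bug appears at 2, is fixed at 5, and reappears at 6.
non_monotonic = [False, False, True, True, True, False, True, True, True]

print(transitions(monotonic), bisect_index(monotonic))          # [3] 3
print(transitions(non_monotonic), bisect_index(non_monotonic))  # [2, 6] 2
```

In the second history, bisection reports revision 2 and never tests revisions 5 or 6, although the failure at the end of the range dates from revision 6. The result is still a genuine good-to-bad transition, but only one of several.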

Automation support

Although the bisection method can be completed manually, one of its main advantages is that it can be easily automated.^[1] It can thus fit into existing test automation processes: failures in exhaustive automated regression tests can trigger automated bisection to localize faults. Ness and Ngo focused on its potential in Cray's continuous delivery-style environment in which the automatically isolated bad changeset could be automatically excluded from builds.^[2]

The revision control systems Fossil, Git and Mercurial have built-in functionality for code bisection.^[3]^[4]^[5] The user starts a bisection session by specifying a range of revisions. The revision control system then proposes a revision to test, the user reports whether that revision tested as "good" or "bad", and the process repeats until the specific "bad" revision has been identified. Other revision control systems, such as Bazaar or Subversion, support bisection through plugins^[6] or external scripts.^[7]
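As an illustration for Git, the good/bad decision can be delegated to a script through `git bisect run`, which interprets the script's exit code: 0 marks the revision as good, 125 asks Git to skip it, and other codes from 1 to 127 mark it as bad. The sketch below shows one way such a check might be written. The function names are hypothetical, and treating a failed build as "skip" is an assumption about the project, not a rule.

```python
import subprocess
import sys
from typing import List

GOOD, BAD, SKIP = 0, 1, 125  # exit codes interpreted by `git bisect run`


def exit_code(build_ok: bool, test_ok: bool) -> int:
    """Map build and test results to an exit code for `git bisect run`."""
    if not build_ok:
        return SKIP              # revision cannot be judged either way
    return GOOD if test_ok else BAD


def run_check(build_cmd: List[str], test_cmd: List[str]) -> int:
    """Build the checked-out revision, then run the regression test."""
    if subprocess.run(build_cmd).returncode != 0:
        return exit_code(False, False)
    test_ok = subprocess.run(test_cmd).returncode == 0
    return exit_code(True, test_ok)
```

Saved as a script (here called `check.py`, a hypothetical name) that ends with a call such as `sys.exit(run_check(["make"], ["make", "test"]))`, where the `make` commands stand in for the project's real build and test commands, it could be driven by `git bisect start <bad> <good>` followed by `git bisect run python3 check.py`, and the session ended with `git bisect reset`.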

Phoronix Test Suite can do bisection automatically to find performance regressions.

References

[1] Ness, Brian; Ngo, Viet (1997). Regression containment through source change isolation. Computer Software and Applications Conference. IEEE. doi:10.1109/CMPSAC.1997.625082.
[2] Zeller, Andreas (1999). Yesterday, my program worked. Today, it does not. Why?. European Software Engineering Conference. Toulouse, France. doi:10.1145/318774.318946.
[3] "Fossil: Help: bisect". www.fossil-scm.org. Retrieved 2020-09-03.
[4] "git-bisect(1)". git-scm.com. Retrieved 2017-08-05.
[5] "hg". Selenic.com. Retrieved 2017-01-09.
[6] "bisect - Find the revision introducing a bug using a binary search — Bazaar 2.8.0dev1 documentation". Doc.bazaar.canonical.com. Retrieved 2017-01-09.
[7] "svn-bisect". Metacpan.org. Retrieved 2022-08-03.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.
