Over the last decade many techniques and tools for software clone detection have been proposed. In this paper, we provide a qualitative comparison and evaluation of the current state-of-the-art in clone detection techniques and tools, and organize the large amount of information into a coherent conceptual framework. We begin with background concepts, a generic clone detection process and an overall taxonomy of current techniques and tools. We then classify, compare and evaluate the techniques and tools in two different dimensions. First, we classify and compare approaches based on a number of facets, each of which has a set of (possibly overlapping) attributes. Second, we qualitatively evaluate the classified techniques and tools with respect to a taxonomy of editing scenarios designed to model the creation of Type-1, Type-2, Type-3 and Type-4 clones. Finally, we provide examples of how one might use the results of this study to choose the most appropriate clone detection tool or technique in the context of a particular set of goals and constraints. The primary contributions of this paper are: (1) a schema for classifying clone detection techniques and tools and a classification of current clone detectors based on this schema, and (2) a taxonomy of editing scenarios that produce different clone types and a qualitative evaluation of current clone detectors based on this taxonomy.

The area of clone detection has considerably evolved over the last decade, leading to approaches with better results, but at the same time using more elaborate algorithms and tool chains. In our opinion a level has been reached, where the initial investment required to setup a clone detection tool chain and the code infrastructure required for experimenting with new heuristics and algorithms seriously hampers the exploration of novel solutions or specific case studies. As a solution, this paper presents CloneDetective, an open source framework and tool chain for clone detection, which is especially geared towards configurability and extendability and thus supports the preparation and conduction of clone detection research. 1. Customizable Clone-Detection

Abstract—Clones are generally considered bad programming practice in software engineering folklore. They are identified as a bad smell and a major contributor to project maintenance difficulties. Clones inherently cause code bloat, thus increasing project size and maintenance costs. In this work, we try to validate the conventional wisdom empirically to see whether cloning makes code more defect prone. This paper analyses relationship between cloning and defect proneness. We find that, first, the great majority of bugs are not significantly associated with clones. Second, we find that clones may be less defect prone than non-cloned code. Finally, we find little evidence that clones with more copies are actually more error prone. Our findings do not support the claim that clones are really a “bad smell”. Perhaps we can clone, and breathe easy, at the same time. Keywords-software clone; empirical software engineering; software maintenance; software evolution; I.

In this paper, we introduce a technique for applying Independent Component Analysis to vector space representations of software code fragments such as methods or blocks. The distance between these points can be determined, and used as a measure of the similarity between the original source code fragments they represent. It can be reasoned that if the initial matrix representation contains enough information about the syntactic structure of the source code, the vector space representation will be sufficient to predict the similarity of fragments to one another, and can provide the likelihood that the code is a clone. 1.

Due to their pivotal role in software engineering, considerable effort is spent on the quality assurance of software requirements specifications. As they are mainly described in natural language, relatively few means of automated quality assessment exist. However, we found that clone detection, a technique widely applied to source code, is promising to assess one important quality aspect in an automated way, namely redundancy that stems from copy&paste operations. This paper describes a large-scale case study that applied clone detection to 28 requirements specifications with a total of 8,667 pages. We report on the amount of redundancy found in real-world specifications, discuss its nature as well as its consequences and evaluate in how far existing code clone detection approaches can be applied to assess the quality of requirements specifications in practice.

Clone support can be useful for the quality and maintenance of software projects. Significant research has been done in locating code clones but not much effort has been put in tracking “Copy and Paste ” operations even though these operations are the primary source for clone formation. We design and implement a code editor named CSeR, which keeps record of clones created by “Copy and Paste”, and tracks and visualizes the changes made to a new clone with distinct colors. Syntax Trees (ASTs) for a pair of clones incrementally as edits are made to the code. This incremental approach makes CSeR unique and more accurate than other similar tools. An empirical study was conducted with 37 test cases collected from industry and research projects to test the robustness and usefulness of the tool. A total of 533 changes were identified and categorized into 20 different types. A comparative study with related tools is included, which demonstrates the uniqueness of CSeR. Finally, some potential extensions

We argument three positions: 1) independently developed semantically similar code is unlikely to be representationally similar, 2) existing clone detection approaches are ill-suited for detecting such similarities and 3) dynamic clone detection is a promising approach to detect semantically similar yet representationally different code. Numerous clone detection approaches have been proposed [4]. They differ in many aspects. However, all of them use the same fundamental detection approach, namely to statically search a suitable representation of a program for similar parts. Independent of whether they work on text, tokens, ASTs, PDGs or models [1], they are thus limited to detection of code clones with similar representation. This works well for clones created by copy&paste, since

Recent studies have attempted to evaluate the benefits and drawbacks of using aspect-oriented programming to modularize exception handling code. In spite of their many interesting findings, these studies have not reached a consensus when it comes to the impact of aspectization on exception handler reuse. In fact, their results are sometimes in direct contradiction.In this paper we describe a study aiming to answer the question of whether AOP really promotes the implementation of reusable exception handling. We analyze reuse in a specific context: in terms of the number of duplicated or very similar error handlers that can be removed from a program when extracting error handling code to aspects. Our study targets three industrial-strength, medium-size software systems from different domains and employs a comprehensive set of concern-specific metrics.

During software development, engineers often reuse a code fragment via copy-and-paste with or without modifications or adaptations. Such practices lead to a number of the same or similar code fragments spreading within one or many large codebases. Detecting code clones has been shown to be useful towards security such as detection of similar security bugs and, more generally, quality improvement such as refactoring of code clones. A large number of academic research projects have been carried out on empirical studies or tool supports for detecting code clones. In this paper, we report our experiences of carrying out successful technology transfer of our new approach of code-clone detection, called XIAO. XIAO has been integrated into Microsoft Visual Studio 2012, to be benefiting a huge number of developers in industry. The main success factors of XIAO include its high tunability, scalability, compatibility, and explorability. Based on substantial industrial experiences, we present the XIAO approach with emphasis on these success factors of XIAO. We also present empirical results on applying XIAO on real scenarios within Microsoft for the tasks of security-bug detection and refactoring.

Link(s) to article on publisher’s website: