A Bug Inducing Commit (BIC) is a commit that introduces a software bug into the codebase. Knowing the relevant BIC for a given bug can provide valuable information for debugging as well as bug triaging. However, existing BIC identification techniques are either too expensive (because they require the failing tests to be executed against previous versions for bisection) or inapplicable at the debugging time (because they require post hoc artefacts such as bug reports or bug fixes). We propose Fonte, an efficient and accurate BIC identification technique that only requires test coverage. Fonte combines Fault Localisation (FL) with BIC identification and ranks commits based on the suspiciousness of the code elements that they modified. Fonte reduces the search space of BICs using failure coverage as well as a filter that detects commits that are merely style changes. Our empirical evaluation using 130 real-world BICs shows that Fonte significantly outperforms state-of-the-art BIC identification techniques based on Information Retrieval as well as neural code embedding models, achieving at least 39% higher MRR. We also report that the ranking scores produced by Fonte can be used to perform weighted bisection, further reducing the cost of BIC identification. Finally, we apply Fonte to a large-scale industry project with over 10M lines of code, and show that it can rank the actual BIC within the top five commits for 87% of the studied real batch-testing failures, and save the BIC inspection cost by 32% on average.

翻译：摘要：引入缺陷的提交（Bug Inducing Commit, BIC）是指将软件漏洞引入代码库的提交。对于给定的缺陷，识别其相关的BIC可为调试和缺陷分类提供重要信息。然而，现有BIC识别技术要么成本过高（需对先前版本执行失败测试以进行二分查找），要么在调试阶段不适用（需依赖事后生成的缺陷报告或修复补丁）。我们提出Fonte方法，这是一种仅需测试覆盖信息的高效且精确的BIC识别技术。Fonte将故障定位（Fault Localisation, FL）与BIC识别相结合，根据提交所修改代码元素的疑难度对提交进行排序。该方法利用失败覆盖信息缩小BIC搜索空间，并采用过滤器剔除仅涉及代码风格变更的提交。基于130个真实世界BIC的实证评估表明，Fonte显著优于基于信息检索和神经代码嵌入模型的最新BIC识别技术，MRR值至少提升39%。我们还发现，Fonte生成的排序分数可用于加权二分查找，进一步降低BIC识别成本。最后，我们在超过1000万行代码的大型工业项目中应用Fonte，结果显示，在87%的实际批测试失败案例中，该方法能将真实BIC排在前五位，平均节省32%的BIC检查成本。