Demystifying Regular Expression Bugs: A comprehensive study on regular expression bug causes, fixes, and testing

TL;DR

This study empirically analyzes 356 regex-related bugs from major open-source projects, revealing that incorrect behavior is the main cause, fixes are complex, and test changes are often missing, highlighting practical challenges in regex usage.

Contribution

It provides a comprehensive classification of regex bugs, fixes, and testing practices, offering insights into real-world regex bug characteristics and developer challenges.

Findings

Incorrect regex behavior is the main root cause (46.3%).

Fixing regex bugs takes more time and code than typical bugs.

Over half of regex pull requests lack test code changes.

Abstract

Regular expressions cause string-related bugs and open security vulnerabilities for DOS attacks. However, beyond ReDoS (Regular expression Denial of Service), little is known about the extent to which regular expression issues affect software development and how these issues are addressed in practice. We conduct an empirical study of 356 merged regex-related pull request bugs from Apache, Mozilla, Facebook, and Google GitHub repositories. We identify and classify the nature of the regular expression problems, the fixes, and the related changes in the test code. The most important findings in this paper are as follows: 1) incorrect regular expression behavior is the dominant root cause of regular expression bugs (165/356, 46.3%). The remaining root causes are incorrect API usage (9.3%) and other code issues that require regular expression changes in the fix (29.5%), 2) fixing regular expression bugs is nontrivial as it takes more time and more lines of code to fix them compared to the general pull requests, 3) most (51%) of the regex-related pull requests do not contain test code changes. Certain regex bug types (e.g., compile error, performance issues, regex representation) are less likely to include test code changes than others, and 4) the dominant type of test code changes in regex-related pull requests is test case addition (75%). The results of this study contribute to a broader understanding of the practical problems faced by developers when using, fixing, and testing regular expressions.