An Empirical Study on Bugs in PHP

Abstract

PHP (Hypertext Preprocessor) is a scripting language that has been widely used in web development. This paper conducts an empirical study on bugs in PHP. By analyzing 35,921 bug reports, 6524 revisions, and root causes of randomly selected 500 bugs, we find that: (1) Among all the 385 versions involved in these bugs, there are the most bugs in PHP 4.0.4, PHP 4.0.6, and PHP 4.0.3; Documentation bugs are mainly distributed in PHP 4.y.z and PHP 5.y.z; Security bugs are distributed primarily in the relatively later normal versions of PHP 5.y.z. (2) Documentation, Compile, and Scripting Engine packages are greatly affected by bugs; 73.71% of documentation bugs affect documentation; PHAR, EXIF, and GD are more affected by security bugs. (3) It may be not difficult to repair most bugs since the number of modified lines of code and files are limited; However, nearly 11% of bugs need more than one year to repair; Compared with documentation bugs, security bugs are more difficult to be repaired; The duration of bugs in PHP 8.y.z is shorter than in other versions. (4) Semantic bugs and documentation bugs are the more common root causes of bugs than others. Besides, among semantic bugs, the “Missing Features” bugs and “Processing” bugs are more than others. These results could indicate some potential problems during the detecting and repairing of PHP’s bugs. These findings reveal some laws of bugs in PHP. It could assist developers of PHP in improving their development quality, assist maintainers of PHP in detecting and repairing bugs more effectively, and suggest users of PHP evade potential risks.