This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Guilty or Not Guilty: Using Clone Metrics to Determine Open Source Licensing Violations
March/April 2011 (vol. 28 no. 2)
pp. 42-47
Akito Monden, Nara Institute of Science and Technology, Japan
Satoshi Okahara, Nara Institute of Science and Technology, Japan
Yuki Manabe, Osaka University
Kenichi Matsumoto, Nara Institute of Science and Technology, Japan
Unintentionally violating open source software (OSS) licenses by reusing OSS code is a serious problem for both software companies and OSS developers. The simplest intuitive way to identify such reuse is to measure code clones—duplicated code fragments—between a suspected program and an existing OSS program. The question then becomes, what is the lower bound of code clone measurements needed to conclude that the suspected program is guilty (reused code exists) and the upper bound needed to conclude that it is not guilty? In their analysis of 1,225 pairs of OSS products, the authors found 121 with reused code. They experimentally explored the boundaries for three code clone metrics: maximum clone length (MCL), number of clone pairs (NCP), and local product similarity (LSim). Using these metrics, they identified guilty, not guilty, and suspicious programs.

1. I.D. Baxter et al., "Clone Detection Using Abstract Syntax Trees," Proc. IEEE Int'l Conf. Software Maintenance, IEEE CS Press, 1998, pp. 368–377.
2. B.S. Baker, "On Finding Duplication and Near-Duplication in Large Software Systems," Proc. 2nd Working Conf. Reverse Eng., IEEE Press, 1995, pp. 86–95.
3. T. Kamiya, S. Kusumoto, and K. Inoue, "CCFinder: A Multi-Linguistic Token-Based Code Clone Detection System for Large Scale Source Code," IEEE Trans. Software Eng., vol. 28, no. 7, 2002, pp. 654–670.
4. J. Krinke, "Identifying Similar Code with Program Dependence Graphs," Proc. 8th Working Conf. Reverse Eng., IEEE Press, 2001, pp. 301–309.
5. J. Mayrand, C. Leblanc, and E.M. Merlo, "Experiment on the Automatic Detection of Function Clones in a Software System Using Metrics," Proc. Int'l Conf. Software Maintenance, IEEE CS Press, 1996, pp. 244–254.
6. S. Bellon et al., "Comparison and Evaluation of Clone Detection Tools," IEEE Trans. Software Eng., vol. 33 no. 9, 2007, pp. 577–591.
7. H. Tamada et al., "Java Birthmarks—Detecting the Software Theft," IEICE Trans. Information and Systems, vol. E88-D, no. 9, 2005, pp. 2148–2158.

Index Terms:
open source software reuse, software licensing violations, product metrics
Citation:
Akito Monden, Satoshi Okahara, Yuki Manabe, Kenichi Matsumoto, "Guilty or Not Guilty: Using Clone Metrics to Determine Open Source Licensing Violations," IEEE Software, vol. 28, no. 2, pp. 42-47, March-April 2011, doi:10.1109/MS.2010.159
Usage of this product signifies your acceptance of the Terms of Use.