Transferring Code-Clone Detection and Analysis to Practice.

During software development, code clones are commonly produced, in the form of a number of the same or similar code fragments spreading within one or many large code bases. Numerous research projects have been carried out on empirical studies or tool support for detecting or analyzing code clones. However, in practice, few such research projects have resulted in substantial industry adoption. In this paper, we report our experiences of transferring XIAO, a code-clone detection and analysis approach and its supporting tool, to broad industrial practices: (1) shipped in Visual Studio 2012, a widely used industrial IDE; (2) deployed and intensively used at the Microsoft Security Response Center. According to our experiences, technology transfer is a rather complicated journey that needs significant efforts from both the technical aspect and social aspect. From the technical aspect, significant efforts are needed to adapt a research prototype to a product-quality tool that addresses the needs of real scenarios, to be integrated into a mainstream product or development process. From the social aspect, there are strong needs to interact with practitioners to identify killer scenarios in industrial settings, figure out the gap between a research prototype and a tool fitting the needs of real scenarios, to understand the requirements of releasing with a mainstream product, being integrated into a development process, understanding their release cadence, etc.