Using Static Analysis to Find Bugs
Frequently Asked Questions (9)
Q2. How does Java evaluate the && and || operators?
Java evaluates the && and || operators using short-circuit evaluation: the right-hand operand is evaluated only if the left-hand operand has not already determined the expression's value.
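The security-relevant consequence of short-circuit evaluation is that a null check only protects the right-hand operand when the short-circuit form is used. The following is an added example (not code from the paper or from FindBugs); the Request class and the isAdmin methods are invented for illustration. It contrasts a guard written with && against the same guard written with the non-short-circuit & operator, which evaluates both sides and so dereferences null:

```java
// Added example, not from the paper: why confusing the non-short-circuit
// operator & with && turns a null check into a NullPointerException.
// Request, isAdminSafe and isAdminBuggy are hypothetical names.
public class ShortCircuitDemo {

    static final class Request {
        private final String user;
        Request(String user) { this.user = user; }
        String getUser() { return user; }
    }

    // Safe: && short-circuits, so req.getUser() is never evaluated
    // when req is null and the left operand is already false.
    static boolean isAdminSafe(Request req) {
        return req != null && "admin".equals(req.getUser());
    }

    // Buggy: & on booleans evaluates BOTH operands unconditionally,
    // so req.getUser() runs even when req is null.
    static boolean isAdminBuggy(Request req) {
        return req != null & "admin".equals(req.getUser());
    }

    public static void main(String[] args) {
        Request admin = new Request("admin");
        System.out.println("safe,  admin: " + isAdminSafe(admin));
        System.out.println("buggy, admin: " + isAdminBuggy(admin));
        System.out.println("safe,  null:  " + isAdminSafe(null));
        try {
            System.out.println("buggy, null:  " + isAdminBuggy(null));
        } catch (NullPointerException e) {
            System.out.println("buggy, null:  NullPointerException "
                    + "(right operand was evaluated despite the null check)");
        }
    }
}
```

Both methods agree on a non-null request, so unit tests that never pass null will not catch the bug; it surfaces only on the null path, which is exactly the kind of case a static checker such as FindBugs is positioned to flag without a failing test.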
Q3. What percentage of users said a team does the review?
Eleven percent of users said a team does the review, and 14 percent indicated that a reviewer can make independent decisions only for trivial cases.
Q4. What other policies are used to review and act on warnings?
Other policies include automatically inserting warnings into a bug tracker, having one or two people who maintain FindBugs and review warnings, requiring that warnings are human reviewed within a given time limit or warning-count threshold, integrating FindBugs into code review, running FindBugs automatically overnight and emailing problems to developers, and using a continuous-build server to display active warnings.
Q5. What is the main lesson from this experience?
The main lesson the authors learned from this experience is that developers will pay attention to, and fix, FindBugs warnings if they appear seamlessly within the workflow.
Q6. What was the second phase of the project?
In their project's second phase, the authors implemented a service model in which two of the authors (David Morgenthaler and John Penix) spent half their time evaluating warnings and reporting those they decided were significant defects in Google's bug-tracking systems.
Q7. What is the consequence of many reviews taking place close to the release date?
This makes it likely that many reviews take place closer to the release date, when the pressure means that the emphasis is more on suppressing warnings than on fixing code.
Q8. Why are some users wary of modifying code to avoid warnings?
Some users are wary of "tuning code" to FindBugs by modifying the code to remove even low-priority warnings or by adding annotations.
Q9. What is the code that should have been a getter method for the field foundType?
}This code should have been a getter method for the field foundType, but the extra parenthesis means it always recursively calls itself until the stack overflows.
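The code the answer refers to is not reproduced on this page. The following is an added illustration (not the paper's code) of the bug pattern it describes: a getter whose body invokes the method itself instead of reading the field, alongside the intended version. The field name foundType comes from the answer; the class names and the string value are invented.

```java
// Added example, not the code from the paper: a getter that calls itself
// instead of returning the field, the "infinite recursive loop" pattern
// FindBugs reports. Buggy, Fixed and the sample value are hypothetical.
public class RecursiveGetterDemo {

    static final class Buggy {
        private final String foundType;
        Buggy(String foundType) { this.foundType = foundType; }

        // Intended: return foundType;
        // The extra parentheses make this a call of the method itself,
        // so it recurses unconditionally until the stack overflows.
        String foundType() {
            return foundType();
        }
    }

    static final class Fixed {
        private final String foundType;
        Fixed(String foundType) { this.foundType = foundType; }

        // Correct getter: reads the field, no method call.
        String foundType() {
            return foundType;
        }
    }

    public static void main(String[] args) {
        System.out.println("fixed: " + new Fixed("MyType").foundType());
        try {
            new Buggy("MyType").foundType();
            System.out.println("buggy: returned (unexpected)");
        } catch (StackOverflowError e) {
            System.out.println("buggy: StackOverflowError from unconditional recursion");
        }
    }
}
```

The buggy version compiles without complaint, since javac has no reason to object to a method calling itself; the defect is only visible either at run time, as a StackOverflowError on the first call, or to a static analyzer that notices the method's sole path leads back into itself.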