ABSTRACT
In the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by Reasoning, Inc on version 4.1.24 of Apache Tomcat. Reasoning's report is a result of running their own static analysis tool and using manual auditing to remove false positives. Reasoning reported a total of 9 null pointer warnings in Tomcat 4.1.24, of which only 2 were reported by FindBugs 1.0. While we wanted to improve the analysis in FindBugs, we wanted to retain our current low level of false positives.
As of result of the work presented in this paper, FindBugs now reports 4 of the 9 warnings in Tomcat, shows that one of the warnings reported by Reasoning is a false positive, and classifies the remaining 4 as being dependent on the feasibility of a particular path, which cannot be easier ascertained by a local examination of the source code. Moreover, we found 24 additional null pointer bugs in Tomcat that had been missed by Reasoning, and overall doubled the number of null pointer bugs found by FindBugs while improving the quality and significance of reported defects.
- Apache Tomcat. http://tomcat.apache.org, 2006.Google Scholar
- I. Dillig, T. Dillig, and A. Aiken. Static error detection using semantic inconsistency inference. In Proceedings of the Conference on Programming Language Design and Implementation, June 2007. Google ScholarDigital Library
- D. Engler and K. Ashcraft. RacerX: effective, static detection of race conditions and deadlocks. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 237--252, New York, NY, USA, 2003. ACM Press. Google ScholarDigital Library
- D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as deviant behavior: a general approach to inferring errors in systems code. In SOSP '01: Proceedings of the eighteenth ACM symposium on Operating systems principles, pages 57--72, New York, NY, USA, 2001. ACM Press. Google ScholarDigital Library
- D. Evans. Static detection of dynamic memory errors. In PLDI '96: Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation, pages 44--53, New York, NY, USA, 1996. ACM Press. Google ScholarDigital Library
- D. Hovemeyer, J. Spacco, and W. Pugh. Evaluating and tuning a static analysis to find null pointer bugs. In PASTE '05: The 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pages 13--19, New York, NY, USA, 2005. ACM Press. Google ScholarDigital Library
- W. Pugh. Null pointer detection microbenchmarks. http://findbugs.googlecode.com/svn/trunk/NullPointerBenchmark/, 2006.Google Scholar
- Reasoning, Inc. Reasoning inspection service defect data report for Tomcat, version 4.1.24, January 2003. http://www.reasoning.com/pdf/Tomcat Defect Report.pdf.Google Scholar
Index Terms
- Finding more null pointer bugs, but not too many
Recommendations
Evaluating and tuning a static analysis to find null pointer bugs
PASTE '05: Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineeringUsing static analysis to detect memory access errors, such as null pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that ...
Evaluating static analysis defect warnings on production software
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineeringStatic analysis tools for software defect detection are becoming widely used in practice. However, there is little public information regarding the experimental evaluation of the accuracy and value of the warnings these tools report. In this paper, we ...
Finding bugs in eclipse
OOPSLA '07: Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companionThis will be a live demonstration of FindBugs, a static analysis bug finding tool, on the current development version of Eclipse 3.4. FindBugs reports issues such as null pointer dereferences, comparing incompatible types with equals, invalid method ...
Comments