Software defects can cause much loss. Static bug-finding tools are believed to help detect and remove defects. These tools are designed to find programming errors, but do they in fact help prevent actual defects that occur in the field and are reported by users? If these tools had been used, would they have detected these field defects and generated warnings that would direct programmers to fix them? To answer these questions, we perform an empirical study that investigates the effectiveness of state-of-the-art static bug-finding tools on hundreds of reported and fixed defects extracted from three open source programs: Lucene, Rhino, and AspectJ. Our study addresses the question: To what extent could field defects be found and detected by state-of-the-art static bug-finding tools? Unlike past studies, which are concerned with the number of false positives produced by such tools, we address an orthogonal issue: the number of false negatives. We find that although many field defects could be detected by static bug-finding tools, a substantial proportion of defects could not be flagged. We also analyze the types of tool warnings that are more effective in finding field defects and characterize the types of missed defects.