Effective Java programming language guide
ACM SIGPLAN Notices
IEEE Security and Privacy
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
Automatic Mining of Source Code Repositories to Improve Bug Finding Techniques
IEEE Transactions on Software Engineering
MSR '05 Proceedings of the 2005 international workshop on Mining software repositories
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Exploring the acceptability envelope
OOPSLA '05 Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Evaluating and tuning a static analysis to find null pointer bugs
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Continuous code-quality assurance with SAFE
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Application invariants: Design by Contract augmented with deployment correctness logic
Software—Practice & Experience
Dynamic inference of polymorphic lock types
Science of Computer Programming - Special issue: Concurrency and synchronization in Java programs
LOCKSMITH: context-sensitive correlation analysis for race detection
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Tracking defect warnings across versions
Proceedings of the 2006 international workshop on Mining software repositories
Program partitioning: a framework for combining static and dynamic analysis
Proceedings of the 2006 international workshop on Dynamic systems analysis
DSD-Crasher: a hybrid analysis tool for bug finding
Proceedings of the 2006 international symposium on Software testing and analysis
Postmodern prospects for conceptual modelling
APCCM '06 Proceedings of the 3rd Asia-Pacific conference on Conceptual modelling - Volume 53
A framework for implementing pluggable type systems
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Proceedings of the 5th international conference on Generative programming and component engineering
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
A framework for the static verification of api calls
Journal of Systems and Software
Using SCL to Specify and Check Design Intent in Source Code
IEEE Transactions on Software Engineering
Incremental Maintenance of Software Artifacts
IEEE Transactions on Software Engineering
Adaptive Probabilistic Model for Ranking Code-Based Static Analysis Alerts
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Improving software quality with static analysis
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Prioritizing Warning Categories by Analyzing Software History
MSR '07 Proceedings of the Fourth International Workshop on Mining Software Repositories
Using Automated Fix Generation to Secure SQL Statements
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Variably interprocedural program analysis for runtime error detection
Proceedings of the 2007 international symposium on Software testing and analysis
Techniques for specifying bug patterns
Proceedings of the 2007 ACM workshop on Parallel and distributed systems: testing and debugging
Which warnings should I fix first?
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Ilea: inter-language analysis across java and c
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Tracking bad apples: reporting the origin of null and undefined value errors
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Predicting buggy changes inside an integrated development environment
Proceedings of the 2007 OOPSLA workshop on eclipse technology eXchange
Securing web applications with static and dynamic information flow tracking
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Exceptional situations and program reliability
ACM Transactions on Programming Languages and Systems (TOPLAS)
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 30th international conference on Software engineering
Symbolic mining of temporal specifications
Proceedings of the 30th international conference on Software engineering
Predicting accurate and actionable static analysis warnings: an experimental approach
Proceedings of the 30th international conference on Software engineering
Parfait: designing a scalable bug checker
Proceedings of the 2008 workshop on Static analysis
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Recommending method invocation context changes
Proceedings of the 2008 international workshop on Recommendation systems for software engineering
On automated prepared statement generation to remove SQL injection vulnerabilities
Information and Software Technology
Masked types for sound object initialization
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
Mining software repositories for software change impact analysis: a case study
SBBD '08 Proceedings of the 23rd Brazilian symposium on Databases
Specification Mining with Few False Positives
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Snugglebug: a powerful approach to weakest preconditions
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Chameleon: adaptive selection of collections
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
In-field healing of integration problems with COTS components
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Equality and hashing for (almost) free: Generating implementations from abstraction functions
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Using checklists to review static analysis warnings
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Implementing relationships using Affinity
Proceedings of the Workshop on Relationships and Associations in Object-Oriented Languages
A genetic programming approach to automated software repair
Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Darwin: an approach for debugging evolving programs
Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
JavaCOP: Declarative pluggable types for java
ACM Transactions on Programming Languages and Systems (TOPLAS)
Error Detection in Concurrent Java Programs
Electronic Notes in Theoretical Computer Science (ENTCS)
Automatic program repair with evolutionary computation
Communications of the ACM
Combining static and dynamic reasoning for bug detection
TAP'07 Proceedings of the 1st international conference on Tests and proofs
A model of triangulating environments for policy authoring
Proceedings of the 15th ACM symposium on Access control models and technologies
Proceedings of the 19th international symposium on Software testing and analysis
Automatic construction of an effective training set for prioritizing static analysis warnings
Proceedings of the IEEE/ACM international conference on Automated software engineering
Scalable and systematic detection of buggy inconsistencies in source code
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Understanding the impact of collection contracts on design
TOOLS'10 Proceedings of the 48th international conference on Objects, models, components, patterns
Information and Software Technology
Formalisation and implementation of an algorithm for bytecode verification of @NonNull types
Science of Computer Programming
Feedlack detects missing feedback in web applications
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
DyTa: dynamic symbolic execution guided with static verification results
Proceedings of the 33rd International Conference on Software Engineering
A security policy oracle: detecting security holes using multiple API implementations
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Detecting anomalies in the order of equally-typed method arguments
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Static deep error checking in large system applications using parfait
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Mining temporal specifications from object usage
Automated Software Engineering
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
A framework for analyzing programs written in proprietary languages
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Finding and fixing Java naming bugs with the Lancelot Eclipse plugin
PEPM '12 Proceedings of the ACM SIGPLAN 2012 workshop on Partial evaluation and program manipulation
QoSA'10 Proceedings of the 6th international conference on Quality of Software Architectures: research into Practice - Reality and Gaps
An extensible open-source compiler infrastructure for testing
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
STANSE: bug-finding framework for c programs
MEMICS'11 Proceedings of the 7th international conference on Mathematical and Engineering Methods in Computer Science
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
DARWIN: An approach to debugging evolving programs
ACM Transactions on Software Engineering and Methodology (TOSEM)
Partially Evaluating Finite-State Runtime Monitors Ahead of Time
ACM Transactions on Programming Languages and Systems (TOPLAS)
Understanding and detecting real-world performance bugs
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
System-specific static code analyses: a case study in the complex embedded systems domain
Software Quality Control
A type system for regular expressions
Proceedings of the 14th Workshop on Formal Techniques for Java-like Programs
Residual investigation: predictive and precise bug detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Statically checking API protocol conformance with mined multi-object specifications
Proceedings of the 34th International Conference on Software Engineering
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Alternate and learn: finding witnesses without looking all over
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Joogie: infeasible code detection for java
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Optimizing threads schedule alignments to expose the interference bug pattern
SSBSE'12 Proceedings of the 4th international conference on Search Based Software Engineering
Effective pattern-driven concurrency bug detection for operating systems
Journal of Systems and Software
Security Evaluation of Service-Oriented Systems Using the SiSOA Method
International Journal of Secure Software Engineering
Predicting method crashes with bytecode operations
Proceedings of the 6th India Software Engineering Conference
Generating sound and effective memory debuggers
Proceedings of the 2013 international symposium on memory management
On the existence of high-impact refactoring opportunities in programs
ACSC '12 Proceedings of the Thirty-fifth Australasian Computer Science Conference - Volume 122
Integrating systematic exploration, analysis, and maintenance in software development
Proceedings of the 2013 International Conference on Software Engineering
Joogie: from Java through Jimple to Boogie
Proceedings of the 2nd ACM SIGPLAN International Workshop on State Of the Art in Java Program analysis
Making offline analyses continuous
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
A comparative evaluation of static analysis actionable alert identification techniques
Proceedings of the 9th International Conference on Predictive Models in Software Engineering
Applying static analysis to high-dimensional malicious application detection
Proceedings of the 51st ACM Southeast Conference
Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they aren't always effective in finding real bugs. Bug patterns are code idioms that are often errors. We have implemented automatic detectors for a variety of bug patterns found in Java programs. In this extended abstract, we describe how we have used bug pattern detectors to find serious bugs in several widely used Java applications and libraries. We have found that the effort required to implement a bug pattern detector tends to be low, and that even extremely simple detectors find bugs in real applications. From our experience applying bug pattern detectors to real programs, we have drawn several interesting conclusions. First, we have found that even well-tested code written by experts contains a surprising number of obvious bugs. Second, Java (and similar languages) have many language features and APIs which are prone to misuse. Finally, simple automatic techniques can be effective at countering the impact of both ordinary mistakes and misunderstood language features.