LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Eraser: a dynamic data race detector for multithreaded programs
ACM Transactions on Computer Systems (TOCS)
Pattern languages of program design 3
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Dynamically Discovering Likely Program Invariants to Support Program Evolution
IEEE Transactions on Software Engineering - Special issue on 1999 international conference on software engineering
Effective Java programming language guide
Effective Java programming language guide
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bitter Java
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Efficient and precise datarace detection for multithreaded object-oriented programs
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Bug Patterns in Java
Using redundancies to find errors
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Applying Static Analysis to Large-Scale, Multi-Threaded Java Programs
ASWEC '01 Proceedings of the 13th Australian Conference on Software Engineering
RacerX: effective, static detection of race conditions and deadlocks
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Parametric regular path queries
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
A Comparison of Bug Finding Tools for Java
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
ASTLOG: a language for examining abstract syntax trees
DSL'97 Proceedings of the Conference on Domain-Specific Languages on Conference on Domain-Specific Languages (DSL), 1997
Z-ranking: using statistical analysis to counter the impact of static analysis approximations
SAS'03 Proceedings of the 10th international conference on Static analysis
OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
An Eclipse-based course project snapshot and submission system
eclipse '04 Proceedings of the 2004 OOPSLA workshop on eclipse technology eXchange
Observations on the assured evolution of concurrent Java programs
Science of Computer Programming - Special issue: Concurrency and synchronization in Java programs
Improving distributed memory applications testing by message perturbation
Proceedings of the 2006 workshop on Parallel and distributed systems: testing and debugging
Identifying domain-specific defect classes using inspections and change history
Proceedings of the 2006 ACM/IEEE international symposium on Empirical software engineering
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
A static aspect language for checking design rules
Proceedings of the 6th international conference on Aspect-oriented software development
Behavioral similarity matching using concrete source code templates in logic queries
Proceedings of the 2007 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Using GUI Run-Time State as Feedback to Generate Test Cases
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Testing Concurrent Java Components
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Static error detection using semantic inconsistency inference
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Using portfolio theory for better and more consistent quality
Proceedings of the 2007 international symposium on Software testing and analysis
Detecting object usage anomalies
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Finding bugs efficiently with a SAT solver
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
State space exploration using feedback constraint generation and Monte-Carlo sampling
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Contract driven development = test driven development - writing test cases
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Time will tell: fault localization using time spectra
Proceedings of the 30th international conference on Software engineering
MimEc: intelligent user notification of faults in the eclipse IDE
Proceedings of the 2008 international workshop on Cooperative and human aspects of software engineering
Developing natural language-based program analyses and tools to expedite software maintenance
Companion of the 30th international conference on Software engineering
Understanding bug fix patterns in verilog
Proceedings of the 2008 international working conference on Mining software repositories
A metric for software readability
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Verifying dereference safety via expanding-scope analysis
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Reproducible testing of distributed software with middleware virtualization and simulation
PADTAD '08 Proceedings of the 6th workshop on Parallel and distributed systems: testing, analysis, and debugging
Securing Java code: heuristics and an evaluation of static analysis tools
Proceedings of the 2008 workshop on Static analysis
Static Program Analysis for Java Card Applets
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
Guided model checking for programs with polymorphism
Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Addressing common crosscutting problems with Arcum
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
XFindBugs: eXtended FindBugs for AspectJ
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Effective identification of failure-inducing changes: a hybrid approach
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A Static Bug Detector for Uninitialized Field References in Java Programs
IEICE - Transactions on Information and Systems
A Meta Heuristic for Effectively Detecting Concurrency Errors
HVC '08 Proceedings of the 4th International Haifa Verification Conference on Hardware and Software: Verification and Testing
Toward an understanding of bug fix patterns
Empirical Software Engineering
On guiding the augmentation of an automated test suite via mutation analysis
Empirical Software Engineering
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Graph-based mining of multiple object usage patterns
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Protecting Database Centric Web Services against SQL/XPath Injection Attacks
DEXA '09 Proceedings of the 20th International Conference on Database and Expert Systems Applications
CZ: multiple inheritance without diamonds
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Practically Applicable Formal Methods
SOFSEM '10 Proceedings of the 36th Conference on Current Trends in Theory and Practice of Computer Science
A desiderata for refactoring-based software modularity improvement
Proceedings of the 3rd India software engineering conference
Enforcing structural regularities in software using IntensiVE
Science of Computer Programming
Iterative execution-feedback model-directed GUI testing
Information and Software Technology
Explaining intermittent concurrent bugs by minimizing scheduling noise
HVC'06 Proceedings of the 2nd international Haifa verification conference on Hardware and software, verification and testing
Automatic coding rule conformance checking using logic programming
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
Recurring bug fixes in object-oriented programs
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Making defect-finding tools work for you
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
UsabML: formalising the exchange of usability findings
Proceedings of the 2nd ACM SIGCHI symposium on Engineering interactive computing systems
The fluid software metadata framework (FSM)
Proceedings of the 2nd ACM SIGCHI symposium on Engineering interactive computing systems
Graph queries through datalog optimizations
Proceedings of the 12th international ACM SIGPLAN symposium on Principles and practice of declarative programming
Impendulo: debugging the programmer
Proceedings of the IEEE/ACM international conference on Automated software engineering
Detection of recurring software vulnerabilities
Proceedings of the IEEE/ACM international conference on Automated software engineering
Matching dependence-related queries in the system dependence graph
Proceedings of the IEEE/ACM international conference on Automated software engineering
JEqualityGen: generating equality and hashing methods
GPCE '10 Proceedings of the ninth international conference on Generative programming and component engineering
Detecting missing method calls in object-oriented software
ECOOP'10 Proceedings of the 24th European conference on Object-oriented programming
Domain-specific program checking
TOOLS'10 Proceedings of the 48th international conference on Objects, models, components, patterns
AnnaBot: a static verifier for java annotation usage
Advances in Software Engineering - Special issue on software test automation
Predicting defect priority based on neural networks
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
Metamodeling semantics of multiple inheritance
Science of Computer Programming
Evolutionary repair of faulty software
Applied Soft Computing
Code-motion for API migration: fixing SQL injection vulnerabilities in Java
Proceedings of the 4th Workshop on Refactoring Tools
Proceedings of the 8th Working Conference on Mining Software Repositories
Static extraction of program configuration options
Proceedings of the 33rd International Conference on Software Engineering
Assessing modularity via usage changes
Proceedings of the 10th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools
Proceedings of the 25th European conference on Object-oriented programming
Frequency estimation of virtual call targets for object-oriented programs
Proceedings of the 25th European conference on Object-oriented programming
Linguistic style checking with program checking tools
Computer Languages, Systems and Structures
Using annotations to check structural properties of classes
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Comparing bug finding tools with reviews and tests
TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems
Automatic incrementalization of prolog based static analyses
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
A formal approach to fixing bugs
SBMF'11 Proceedings of the 14th Brazilian conference on Formal Methods: foundations and Applications
A lightweight technique for distributed and incremental program verification
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
On the improvement of a fault classification scheme with implications for white-box testing
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Residual investigation: predictive and precise bug detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 Workshop on Parallel and Distributed Systems: Testing, Analysis, and Debugging
Metadata invariants: checking and inferring metadata coding conventions
Proceedings of the 34th International Conference on Software Engineering
Using automatic static analysis to identify technical debt
Proceedings of the 34th International Conference on Software Engineering
Towards an open framework for c verification tools benchmarking
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Reifying and optimizing collection queries for modularity
Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity
Reifying and optimizing collection queries for modularity
Proceedings of the 3rd annual conference on Systems, programming, and applications: software for humanity
Using linux device drivers for static verification tools benchmarking
Programming and Computing Software
Non-null references by default in java: alleviating the nullity annotation burden
ECOOP'07 Proceedings of the 21st European conference on Object-Oriented Programming
Detecting missing method calls as violations of the majority rule
ACM Transactions on Software Engineering and Methodology (TOSEM)
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Reify your collection queries for modularity and speed!
Proceedings of the 12th annual international conference on Aspect-oriented software development
A case study on effectively identifying technical debt
Proceedings of the 17th International Conference on Evaluation and Assessment in Software Engineering
Assistance in computer programming learning using educational data mining and learning analytics
Proceedings of the 18th ACM conference on Innovation and technology in computer science education
Scaffolding students' learning using test my code
Proceedings of the 18th ACM conference on Innovation and technology in computer science education
Does bug prediction support human developers? findings from a google case study
Proceedings of the 2013 International Conference on Software Engineering
Proceedings of the 2013 International Conference on Software Engineering
Inferring dependency constraints on parameters for web services
Proceedings of the 22nd international conference on World Wide Web
Inlined monitors for security policy enforcement in web applications
Proceedings of the 17th Panhellenic Conference on Informatics
Secure development tool adoption in open-source
Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity
A source-to-source transformation tool for error fixing
CASCON '13 Proceedings of the 2013 Conference of the Center for Advanced Studies on Collaborative Research
Hi-index | 0.00 |
Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they aren't always effective in finding real bugs.Bug patterns are code idioms that are often errors. We have implemented automatic detectors for a variety of bug patterns found in Java programs. In this paper, we describe how we have used bug pattern detectors to find serious bugs in several widely used Java applications and libraries. We have found that the effort required to implement a bug pattern detector tends to be low, and that even extremely simple detectors find bugs in real applications.From our experience applying bug pattern detectors to real programs, we have drawn several interesting conclusions. First, we have found that even well tested code written by experts contains a surprising number of obvious bugs. Second, Java (and similar languages) have many language features and APIs which are prone to misuse. Finally, that simple automatic techniques can be effective at countering the impact of both ordinary mistakes and misunderstood language features.