Improving your software using static analysis to find bugs

Authors:
Brian Cole;Daniel Hakim;David Hovemeyer;Reuven Lazarus;William Pugh;Kristin Stephens
Affiliations:
University of Maryland, College Park, MD;University of Maryland, College Park, MD;University of Maryland, College Park, MD;University of Maryland, College Park, MD;University of Maryland, College Park, MD;University of Maryland, College Park, MD
Venue:
Companion to the 21st ACM SIGPLAN symposium on Object-oriented programming systems, languages, and applications
Year:
2006

Citing 0
Cited 9

Formal Software Analysis Emerging Trends in Software Model Checking

FOSE '07 2007 Future of Software Engineering
Transforming sources to petri nets: a way to analyze execution of parallel programs

Proceedings of the 1st international conference on Simulation tools and techniques for communications, networks and systems & workshops
Towards a unified fault-detection benchmark

Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Extracting and answering why and why not questions about Java program output

ACM Transactions on Software Engineering and Methodology (TOSEM)
Diagnosing and correcting design inconsistencies in source code with logical abduction

Science of Computer Programming
Bug Wars: a competitive exercise to find bugs in code

Journal of Computing Sciences in Colleges
Running students' software tests against each others' code: new life for an old "gimmick"

Proceedings of the 43rd ACM technical symposium on Computer Science Education
Squid: an extensible infrastructure for analyzing software product line implementations

Proceedings of the 16th International Software Product Line Conference - Volume 2
Hairball: lint-inspired static analysis of scratch projects

Proceeding of the 44th ACM technical symposium on Computer science education

Quantified Score

Hi-index	0.00

Visualization

Abstract

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons, such as difficult language features, misunderstood API semantics, misunderstood invariants when code is modified during maintenance, garden variety mistakes: typos, use of the wrong boolean operator and simple mistakes such as typos.FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. We have found that FindBugs finds real errors in most Java software. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate true errors. In practice, the rate of false warnings reported by FindBugs is generally lower than 50%, often much lower.