Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
How to write system-specific, static checkers in metal
Proceedings of the 2002 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
A Comparison of Bug Finding Tools for Java
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
Tracking defect warnings across versions
Proceedings of the 2006 international workshop on Mining software repositories
Have things changed now?: an empirical study of bug characteristics in modern open source software
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Static error detection using semantic inconsistency inference
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Comparing bug finding tools with reviews and tests
TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems
Using FindBugs on production software
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Predicting accurate and actionable static analysis warnings: an experimental approach
Proceedings of the 30th international conference on Software engineering
A report on a survey and study of static analysis users
DEFECTS '08 Proceedings of the 2008 workshop on Defects in large software systems
Securing Java code: heuristics and an evaluation of static analysis tools
Proceedings of the 2008 workshop on Static analysis
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
XFindBugs: eXtended FindBugs for AspectJ
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Using checklists to review static analysis warnings
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Test-data generation guided by static defect detection
Journal of Computer Science and Technology
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Making defect-finding tools work for you
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Predicting OSS trustworthiness on the basis of elementary code assessment
Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement
Fade to Grey: Tuning Static Program Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Formal Methods in System Design
Proceedings of the 4th India Software Engineering Conference
Feedlack detects missing feedback in web applications
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Idea: java vs. PHP: security implications of language choice for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
An historical examination of open source releases and their vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Innovations in Systems and Software Engineering
Software verification and graph similarity for automated evaluation of students' assignments
Information and Software Technology
Does bug prediction support human developers? Findings from a Google case study
Proceedings of the 2013 International Conference on Software Engineering
Static analysis tools for software defect detection are becoming widely used in practice. However, there is little public information regarding the experimental evaluation of the accuracy and value of the warnings these tools report. In this paper, we discuss the warnings found by FindBugs, a static analysis tool that finds defects in Java programs. We discuss the kinds of warnings generated and the classification of warnings into false positives, trivial bugs and serious bugs. We also provide some insight into why static analysis tools often detect true but trivial bugs, and some information about how defect warnings evolve across the development lifetime of a software release. We report data on the defect warnings in Sun's Java 6 JRE, in Sun's Glassfish JEE server, and in portions of Google's Java codebase. Finally, we report on some experiences from incorporating static analysis into the software development process at Google.