ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Finding bugs is easy
Full text PdfPdf (507 KB)
Source ACM SIGPLAN Notices archive
Volume 39 ,  Issue 12  (December 2004) table of contents
COLUMN: OOPSLA onward! table of contents
Pages: 92 - 106  
Year of Publication: 2004
ISSN:0362-1340
Authors
David Hovemeyer  University of Maryland, College Park, Maryland
William Pugh  University of Maryland, College Park, Maryland
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 37,   Downloads (12 Months): 253,   Citation Count: 33
Additional Information:

abstract   references   cited by   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1052883.1052895
What is a DOI?

ABSTRACT

Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they aren't always effective in finding real bugs.Bug patterns are code idioms that are often errors. We have implemented automatic detectors for a variety of bug patterns found in Java programs. In this paper, we describe how we have used bug pattern detectors to find serious bugs in several widely used Java applications and libraries. We have found that the effort required to implement a bug pattern detector tends to be low, and that even extremely simple detectors find bugs in real applications.From our experience applying bug pattern detectors to real programs, we have drawn several interesting conclusions. First, we have found that even well tested code written by experts contains a surprising number of obvious bugs. Second, Java (and similar languages) have many language features and APIs which are prone to misuse. Finally, that simple automatic techniques can be effective at countering the impact of both ordinary mistakes and misunderstood language features.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Eric Allen, Bug Patterns in Java, APress L. P., 2002
 
2
Apache Ant, http://ant.apache.org/, 2004.
 
3
Cyrille Artho , Armin Biere, Applying Static Analysis to Large-Scale, Multi-Threaded Java Programs, Proceedings of the 13th Australian Conference on Software Engineering, p.68, August 27-28, 2001
 
4
Ken Ashcraft , Dawson Engler, Using Programmer-Written Compiler Extensions to Catch Security Holes, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.143, May 12-15, 2002
 
5
G. Back and D. Engler. MJ: A system for constructing bug-finding analyses for Java. http://www.stanford.edu/~gback/gback-icse2004.pdf, 2003.
6
Thomas Ball , Sriram K. Rajamani, The SLAM project: debugging system software via static analysis, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.1-3, January 16-18, 2002, Portland, Oregon
 
7
The Byte Code Engineering Library, http://jakarta.apache.org/bcel/, 2004.
 
8
Joshua Bloch, Effective Java programming language guide, Sun Microsystems, Inc., Mountain View, CA, 2001
 
9
William R. Bush , Jonathan D. Pincus , David J. Sielaff, A static analyzer for finding dynamic programming errors, Software—Practice & Experience, v.30 n.7, p.775-802, June 2000  [doi>10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H]
 
10
CheckStyle, http://checkstyle.sourceforge.net, 2004.
11
Jong-Deok Choi , Keunwoo Lee , Alexey Loginov , Robert O'Callahan , Vivek Sarkar , Manu Sridharan, Efficient and precise datarace detection for multithreaded object-oriented programs, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
12
Andy Chou , Junfeng Yang , Benjamin Chelf , Seth Hallem , Dawson Engler, An empirical study of operating systems errors, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
 
13
R. F. Crew. ASTLOG: A language for examining abstract syntax trees. In USENIX Conference on Domain Specific Languages, pages 229--241, Santa Barbara, 1997.
 
14
M. C. Daconta, E. Monk, J. P. Keller, and K. Bohnenberger. Java Pitfalls. John Wiley & Sons, Inc., 2000.
15
Manuvir Das , Sorin Lerner , Mark Seigle, ESP: path-sensitive program verification in polynomial time, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
 
16
DrJava, http://www.drjava.org/, 2004.
 
17
A. Druin, B. Bederson, A. Weeks, A. Farber, J. Grosjean, M. Guha, J. Hourcade, J. Lee, S. Liao, K. Reuter, A. Rose, Y. Takayama, L., and L. Zhang. The international children's digital library: Description and analysis of first use. Technical Report HCIL-2003-02, Human-Computer Interaction Lab, Univ. of Maryland, January 2003.
 
18
Eclipse, http://www.eclipse.org/, 2004.
19
Dawson Engler , Ken Ashcraft, RacerX: effective, static detection of race conditions and deadlocks, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
20
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego, CA, Oct. 2000.
 
21
Michael D. Ernst , Jake Cockrell , William G. Griswold , David Notkin, Dynamically Discovering Likely Program Invariants to Support Program Evolution, IEEE Transactions on Software Engineering, v.27 n.2, p.99-123, February 2001  [doi>10.1109/32.908957]
22
David Evans, Static detection of dynamic memory errors, Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation, p.44-53, May 21-24, 1996, Philadelphia, Pennsylvania, United States
23
David Evans , John Guttag , James Horning , Yang Meng Tan, LCLint: a tool for using specifications to check code, Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering, p.87-96, December 06-09, 1994, New Orleans, Louisiana, United States
24
Cormac Flanagan , K. Rustan M. Leino , Mark Lillibridge , Greg Nelson , James B. Saxe , Raymie Stata, Extended static checking for Java, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
25
Jeffrey S. Foster , Manuel Fähndrich , Alexander Aiken, A theory of type qualifiers, Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation, p.192-203, May 01-04, 1999, Atlanta, Georgia, United States
26
Jeffrey S. Foster , Tachio Terauchi , Alex Aiken, Flow-sensitive type qualifiers, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
 
27
GNU Classpath, http://www.gnu.org/software/classpath/, 2004.
28
Seth Hallem , Benjamin Chelf , Yichen Xie , Dawson Engler, A system and language for building system-specific, static analyses, Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, June 17-19, 2002, Berlin, Germany
29
Sudheendra Hangal , Monica S. Lam, Tracking down software bugs using automatic anomaly detection, Proceedings of the 24th International Conference on Software Engineering, May 19-25, 2002, Orlando, Florida  [doi>10.1145/581339.581377]
 
30
D. Hovemeyer and W. Pugh. Finding concurrency bugs in Java. In Proceedings of the PODC Workshop on Concurrency and Synchronization in Java Programs, St. John's, Newfoundland, Canada, July 2004.
 
31
Java(tm) 2 Platform, Standard Edition, http://java.sun.com/j2se/, 2004.
 
32
Collected java practices. http://www.javapractices.com.
 
33
JBoss, http://www.jboss.org/, 2004.
 
34
jEdit, http://www.jedit.org/, 2004.
 
35
S. Johnson, Lint, a C program checker. In UNIX Programmer's Supplementary Documents Volume 1 (PS1), April 1986.
 
36
T. Kremenek and D. R. Engler. Z-ranking: Using statistical analysis to counter the impact of static analysis approximations. In Proceedings of Static Analysis, 10th International Symposium, SAS 2003, San Diego, CA, USA, pages 295--315, June 2003.
37
Yanhong A. Liu , Tom Rothamel , Fuxiang Yu , Scott D. Stoller , Nanjun Hu, Parametric regular path queries, Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, June 09-11, 2004, Washington DC, USA
 
38
PMD, http://pmd.sourceforge.net, 2004.
 
39
W. Pugh. The double checked locking is broken declaration. http://www.cs.umd.edu/users/pugh/java/memory-Model/DoubleCheckedLocking.html, July 2000.
 
40
Nick Rutar , Christian B. Almazan , Jeffrey S. Foster, A Comparison of Bug Finding Tools for Java, Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE'04), p.245-256, November 02-05, 2004  [doi>10.1109/ISSRE.2004.1]
41
Stefan Savage , Michael Burrows , Greg Nelson , Patrick Sobalvarro , Thomas Anderson, Eraser: a dynamic data race detector for multithreaded programs, ACM Transactions on Computer Systems (TOCS), v.15 n.4, p.391-411, Nov. 1997  [doi>10.1145/265924.265927]
 
42
Douglas C. Schmidt , Tim Harrison, Double-checked locking, Pattern languages of program design 3, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1997
 
43
U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th Usenix Security Symposium, Washington, D.C., Aug. 2001.
 
44
N. Sterling. WARLOCK --- a static data race analysis tool. In Proceedings of the USENIX Annual Technical Conference, pages 97--106, Winter 1993.
 
45
Bruce A. Tate, Bitter Java, Manning Publications Co., Greenwich, CT, 2002
46
Yichen Xie , Dawson Engler, Using redundancies to find errors, Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering, November 18-22, 2002, Charleston, South Carolina, USA  [doi>10.1145/587051.587060]

CITED BY  33
David Hovemeyer , William Pugh, Finding bugs is easy, Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 24-28, 2004, Vancouver, BC, CANADA
Jaime Spacco , David Hovemeyer , William Pugh, An Eclipse-based course project snapshot and submission system, Proceedings of the 2004 OOPSLA workshop on eclipse technology eXchange, p.52-56, October 24-24, 2004, Vancouver, British Columbia, Canada
Aaron Greenhouse , T. J. Halloran , William L. Scherlis, Observations on the assured evolution of concurrent Java programs, Science of Computer Programming, v.58 n.3, p.384-411, December 2005
Cyril Briquet , Pierre-Arnoul de Marneffe, Reproducible testing of distributed software with middleware virtualization and simulation, Proceedings of the 6th workshop on Parallel and distributed systems: testing, analysis, and debugging, p.1-11, July 20-21, 2008, Seattle, Washington
Richard P. Gabriel , Ron Goldman, Conscientious software, ACM SIGPLAN Notices, v.41 n.10, October 2006
Tal Cohen , Joseph (Yossi) Gil , Itay Maman, JTL: the Java tools language, ACM SIGPLAN Notices, v.41 n.10, October 2006
Clint Morgan , Kris De Volder , Eric Wohlstadter, A static aspect language for checking design rules, Proceedings of the 6th international conference on Aspect-oriented software development, March 12-16, 2007, Vancouver, British Columbia, Canada
Richard Vuduc , Martin Schulz , Dan Quinlan , Bronis de Supinski , Andreas Sæbjørnsen, Improving distributed memory applications testing by message perturbation, Proceeding of the 2006 workshop on Parallel and distributed systems: testing and debugging, July 17-17, 2006, Portland, Maine, USA
Coen De Roover , Theo D'Hondt , Johan Brichau , Carlos Noguera , Laurence Duchien, Behavioral similarity matching using concrete source code templates in logic queries, Proceedings of the 2007 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, January 15-16, 2007, Nice, France
Taiga Nakamura , Lorin Hochstein , Victor R. Basili, Identifying domain-specific defect classes using inspections and change history, Proceedings of the 2006 ACM/IEEE international symposium on International symposium on empirical software engineering, September 21-22, 2006, Rio de Janeiro, Brazil
Andreas Leitner , Ilinca Ciupa , Manuel Oriol , Bertrand Meyer , Arno Fiva, Contract driven development = test driven development - writing test cases, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia
Sangeetha Sudakrishnan , Janaki Madhavan , E. James Whitehead, Jr. , Jose Renau, Understanding bug fix patterns in verilog, Proceedings of the 2008 international working conference on Mining software repositories, May 10-11, 2008, Leipzig, Germany
Isil Dillig , Thomas Dillig , Alex Aiken, Static error detection using semantic inconsistency inference, ACM SIGPLAN Notices, v.42 n.6, June 2007
Ken Koster, Using portfolio theory for better and more consistent quality, Proceedings of the 2007 international symposium on Software testing and analysis, July 09-12, 2007, London, United Kingdom
Paul Strooper , Luke Wildman, Testing Concurrent Java Components, Companion to the proceedings of the 29th International Conference on Software Engineering, p.161-162, May 20-26, 2007
Xun Yuan , Atif M. Memon, Using GUI Run-Time State as Feedback to Generate Test Cases, Proceedings of the 29th International Conference on Software Engineering, p.396-405, May 20-26, 2007
Andrzej Wasylkowski , Andreas Zeller , Christian Lindig, Detecting object usage anomalies, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia
Raymond P.L. Buse , Westley R. Weimer, A metric for software readability, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA
Julian Dolby , Mandana Vaziri , Frank Tip, Finding bugs efficiently with a SAT solver, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia
Sriram Sankaranarayanan , Richard M. Chang , Guofei Jiang , Franjo Ivancic, State space exploration using feedback constraint generation and Monte-Carlo sampling, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia
Emily Hill, Developing natural language-based program analyses and tools to expedite software maintenance, Companion of the 30th international conference on Software engineering, May 10-18, 2008, Leipzig, Germany
Cemal Yilmaz , Amit Paradkar , Clay Williams, Time will tell: fault localization using time spectra, Proceedings of the 30th international conference on Software engineering, May 10-18, 2008, Leipzig, Germany
Lucas M. Layman , Laurie A. Williams , Robert St. Amant, MimEc: intelligent user notification of faults in the eclipse IDE, Proceedings of the 2008 international workshop on Cooperative and human aspects of software engineering, p.73-76, May 13-13, 2008, Leipzig, Germany
Michael S. Ware , Christopher J. Fox, Securing Java code: heuristics and an evaluation of static analysis tools, Proceedings of the 2008 workshop on Static analysis, p.12-21, June 12-12, 2008, Tucson, Arizona
Alexey Loginov , Eran Yahav , Satish Chandra , Stephen Fink , Noam Rinetzky , Mangala Nanda, Verifying dereference safety via expanding-scope analysis, Proceedings of the 2008 international symposium on Software testing and analysis, July 20-24, 2008, Seattle, WA, USA
Macneil Shonle , William G. Griswold , Sorin Lerner, Addressing common crosscutting problems with Arcum, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
Neha Rungta , Eric G. Mercer, Guided model checking for programs with polymorphism, Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation, January 19-20, 2009, Savannah, GA, USA
Sai Zhang , Yu Lin , Zhongxian Gu , Jianjun Zhao, Effective identification of failure-inducing changes: a hybrid approach, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
Haihao Shen , Sai Zhang , Jianjun Zhao , Jianhong Fang , Shiyuan Yao, XFindBugs: eXtended FindBugs for AspectJ, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
Sunae Seo , Youil Kim , Hyun-Goo Kang , Taisook Han, A Static Bug Detector for Uninitialized Field References in Java Programs, IEICE - Transactions on Information and Systems, v.E90-D n.10, p.1663-1671, October 2007
Mangala Gowri Nanda , Saurabh Sinha, Accurate Interprocedural Null-Dereference Analysis for Java, Proceedings of the 2009 IEEE 31st International Conference on Software Engineering, p.133-143, May 16-24, 2009
Kai Pan , Sunghun Kim , E. James Whitehead, Jr., Toward an understanding of bug fix patterns, Empirical Software Engineering, v.14 n.3, p.286-315, June 2009
Ben H. Smith , Laurie Williams, On guiding the augmentation of an automated test suite via mutation analysis, Empirical Software Engineering, v.14 n.3, p.341-369, June 2009
Collaborative Colleagues:
David Hovemeyer: colleagues
William Pugh: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player