Finding more null pointer bugs, but not too many

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Finding more null pointer bugs, but not too many

Full text

Pdf (307 KB)

Source

Workshop on Program Analysis for Software Tools and Engineering archive
Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering table of contents

San Diego, California, USA

Pages: 9 - 14

Year of Publication: 2007

ISBN:978-1-59593-595-3

Authors

David Hovemeyer	York College of Pennsylvania, York, PA
William Pugh	Univ. of Maryland, College Park, MD

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 13, Downloads (12 Months): 79, Citation Count: 7

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1251535.1251537 What is a DOI?

ABSTRACT

In the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by Reasoning, Inc on version 4.1.24 of Apache Tomcat. Reasoning's report is a result of running their own static analysis tool and using manual auditing to remove false positives. Reasoning reported a total of 9 null pointer warnings in Tomcat 4.1.24, of which only 2 were reported by FindBugs 1.0. While we wanted to improve the analysis in FindBugs, we wanted to retain our current low level of false positives.

As of result of the work presented in this paper, FindBugs now reports 4 of the 9 warnings in Tomcat, shows that one of the warnings reported by Reasoning is a false positive, and classifies the remaining 4 as being dependent on the feasibility of a particular path, which cannot be easier ascertained by a local examination of the source code. Moreover, we found 24 additional null pointer bugs in Tomcat that had been missed by Reasoning, and overall doubled the number of null pointer bugs found by FindBugs while improving the quality and significance of reported defects.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Apache Tomcat. http://tomcat.apache.org, 2006.
	2	Isil Dillig , Thomas Dillig , Alex Aiken, Static error detection using semantic inconsistency inference, Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation, June 10-13, 2007, San Diego, California, USA
	3	Dawson Engler , Ken Ashcraft, RacerX: effective, static detection of race conditions and deadlocks, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	4	Dawson Engler , David Yu Chen , Seth Hallem , Andy Chou , Benjamin Chelf, Bugs as deviant behavior: a general approach to inferring errors in systems code, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
	5	David Evans, Static detection of dynamic memory errors, Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation, p.44-53, May 21-24, 1996, Philadelphia, Pennsylvania, United States
	6	David Hovemeyer , Jaime Spacco , William Pugh, Evaluating and tuning a static analysis to find null pointer bugs, Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, September 05-06, 2005, Lisbon, Portugal
	7	W. Pugh. Null pointer detection microbenchmarks. http://findbugs.googlecode.com/svn/trunk/NullPointerBenchmark/, 2006.
	8	Reasoning, Inc. Reasoning inspection service defect data report for Tomcat, version 4.1.24, January 2003. http://www.reasoning.com/pdf/Tomcat Defect Report.pdf.

CITED BY 7

	Daniel J. Quinlan , Richard W. Vuduc , Ghassan Misherghi, Techniques for specifying bug patterns, Proceedings of the 2007 ACM workshop on Parallel and distributed systems: testing and debugging, July 09-09, 2007, London, United Kingdom
	Nathaniel Ayewah , William Pugh, A report on a survey and study of static analysis users, Proceedings of the 2008 workshop on Defects in large software systems, July 20-20, 2008, Seattle, Washington
	Xi Wang , Zhenyu Guo , Xuezheng Liu , Zhilei Xu , Haoxiang Lin , Xiaoge Wang , Zheng Zhang, Hang analysis: fighting responsiveness bugs, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
	Laurent Hubert, A non-null annotation inferencer for Java bytecode, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
	Nathaniel Ayewah , William Pugh, Using checklists to review static analysis warnings, Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009), July 19-19, 2009, Chicago, Illinois
	Haihao Shen , Sai Zhang , Jianjun Zhao , Jianhong Fang , Shiyuan Yao, XFindBugs: eXtended FindBugs for AspectJ, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
	Mangala Gowri Nanda , Saurabh Sinha, Accurate Interprocedural Null-Dereference Analysis for Java, Proceedings of the 2009 IEEE 31st International Conference on Software Engineering, p.133-143, May 16-24, 2009