The Experts below are selected from a list of 1002 Experts worldwide ranked by ideXlab platform
William Pugh - One of the best experts on this subject based on the ideXlab platform.
-
Finding more Null Pointer bugs, but not too many
Press, 2016Co-Authors: David Hovemeyer, William PughAbstract:In the summer of 2006, the FindBugs project was challenged to improve the Null Pointer analysis in FindBugs so that we could find more Null Pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by Reasoning, Inc on version 4.1.24 of Apache Tomcat. Reasoning’s report is a result of running their own static analysis tool and using manual auditing to remove false positives. Reasoning reported a total of 9 Null Pointer warnings in Tomcat 4.1.24, of which only 2 were reported by FindBugs 1.0. While we wanted to improve the analysis in FindBugs, we wanted to retain our current low level of false positives. As of result of the work presented in this paper, FindBugs now reports 4 of the 9 warnings in Tomcat, shows that one of the warnings reported by Reasoning is a false positive, and classifies the remaining 4 as being dependent on the feasibility of a particular path, which cannot be easier ascertained by a local examination of the source code. Moreover, we found 24 additional Null Pointer bugs in Tomcat that had been missed by Reasoning, and overall doubled the number of Null Pointer bugs found by FindBugs while improving the quality and significance of reported defects
-
of Programming Languages—program analysis
2013Co-Authors: David Hovemeyer, Jaime Spacco, William PughAbstract:Using static analysis to detect memory access errors, such as Null Pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors. In this paper we show that simple analysis techniques can be used to identify many such software defects, both in production code and in student code. In order to make our analysis both simple and effective, we use a non-standard analysis which is neither complete nor sound. However, we find that it is effective at finding an interesting class of software defects. We describe the basic analysis we perform, as well as the additional errors we can detect using techniques such as annotations and inter-procedural analysis
-
1 Experiences Using Static Analysis to Find Bugs
2013Co-Authors: Nathaniel Ayewah, John Penix, David Hovemeyer, David J. Morgenthaler, William PughAbstract:Abstract—Static analysis examines code in the absence of input data and without running the code, and can detect potential security violations (e.g., SQL injection), runtime errors (e.g., dereferencing a Null Pointer) and logical inconsistencies (e.g., a conditional test that cannot possibly be true). While there is a rich body of literature on algorithms and analytical frameworks used by such tools, reports describing experiences with such tools in industry are much harder to come by. We describe FindBugs, an open source static analysis tool for Java, and experience using it in production settings. FindBugs does not push the envelope in terms of the sophistication of its analysis techniques. Rather, it is designed to evaluate what kinds of defects can be effectively detected with relatively simple techniques and to help us understand how such tools can be incorporated into the software development process. FindBugs has been downloaded more than 580,000 times and used by many major companies and software projects. We report on experience running FindBugs against Sun’s JDK implementation, using Findbugs at Google where it has been used for more than a year and incorporated into their standard development process, and preliminary results from a survey of FindBugs users
-
using static analysis to find bugs
IEEE Software, 2008Co-Authors: Nathaniel Ayewah, John Penix, David Hovemeyer, J D Morgenthaler, William PughAbstract:Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a Null Pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and experiences using it in production settings. FindBugs evaluates what kinds of defects can be effectively detected with relatively simple techniques and helps developers understand how to incorporate such tools into software development.
-
evaluating and tuning a static analysis to find Null Pointer bugs
Workshop on Program Analysis For Software Tools and Engineering, 2005Co-Authors: David Hovemeyer, Jaime Spacco, William PughAbstract:Using static analysis to detect memory access errors, such as Null Pointer dereferences, is not a new problem. However, much of the previous work has used rather sophisticated analysis techniques in order to detect such errors.In this paper we show that simple analysis techniques can be used to identify many such software defects, both in production code and in student code. In order to make our analysis both simple and effective, we use a non-standard analysis which is neither complete nor sound. However, we find that it is effective at finding an interesting class of software defects.We describe the basic analysis we perform, as well as the additional errors we can detect using techniques such as annotations and inter-procedural analysis.In studies of both production software and student projects, we find false positive rates of around 20% or less. In the student code base, we find that our static analysis techniques are able to pinpoint 50% to 80% of the defects leading to a Null Pointer exception at runtime.
James Noble - One of the best experts on this subject based on the ideXlab platform.
-
the billion dollar fix safe modular circular initialisation
European Conference on Object-Oriented Programming, 2013Co-Authors: Marco Servetto, Julian Mackay, Alex Potanin, James NobleAbstract:Programmers often need to initialise circular structures of objects. Initialisation should be safe (so that programs can never suffer Null Pointer exceptions or otherwise observe uninitialised values) and modular (so that each part of the circular structure can be written and compiled separately). Unfortunately, existing languages do not support modular circular initialisation: programmers in practical languages resort to Tony Hoare's "Billion Dollar Mistake": initialising variables with Nulls, and then hoping to fix them up afterward. While recent research languages have offered some solutions, none fully support safe modular circular initialisation. We present placeholders, a straightforward extension to object-oriented languages that describes circular structures simply, directly, and modularly. In typed languages, placeholders can be described by placeholder types that ensure placeholders are used safely. We define an operational semantics for placeholders, a type system for placeholder types, and prove soundness. Incorporating placeholders into object-oriented languages should make programs simultaneously simpler to write, and easier to write correctly.
-
the billion dollar fix safe modular circular initialisation with placeholders and placeholder types
European Conference on Object-Oriented Programming, 2013Co-Authors: Marco Servetto, Julian Mackay, Alex Potanin, James NobleAbstract:Programmers often need to initialise circular structures of objects. Ini- tialisation should be safe (so that programs can never suffer Null Pointer exceptions or otherwise observe uninitialised values) and modular (so that each part of the circular structure can be written and compiled separately). Unfortunately, existing languages do not support modular circular initialisation: programmers in practical languages resort to Tony Hoare's "Billion Dollar Mistake": initialising variables with Nulls, and then hoping to fix them up afterward. While recent research lan- guages have offered some solutions, none fully support safe modular circular initialisation. We present placeholders, a straightforward extension to object-oriented lan- guages that describes circular structures simply, directly, and modularly. In typed languages, placeholders can be described by placeholder types that ensure place- holders are used safely. We define an operational semantics for placeholders, a type system for placeholder types, and prove soundness. Incorporating placeholders into object-oriented languages should make programs simultaneously simpler to write, and easier to write correctly.
Fabian Trautsch - One of the best experts on this subject based on the ideXlab platform.
-
On the feasibility of automated prediction of bug and non-bug issues
Empirical Software Engineering, 2020Co-Authors: Steffen Herbold, Alexander Trautsch, Fabian TrautschAbstract:Context Issue tracking systems are used to track and describe tasks in the development process, e.g., requested feature improvements or reported bugs. However, past research has shown that the reported issue types often do not match the description of the issue. Objective We want to understand the overall maturity of the state of the art of issue type prediction with the goal to predict if issues are bugs and evaluate if we can improve existing models by incorporating manually specified knowledge about issues. Method We train different models for the title and description of the issue to account for the difference in structure between these fields, e.g., the length. Moreover, we manually detect issues whose description contains a Null Pointer exception, as these are strong indicators that issues are bugs. Results Our approach performs best overall, but not significantly different from an approach from the literature based on the fastText classifier from Facebook AI Research. The small improvements in prediction performance are due to structural information about the issues we used. We found that using information about the content of issues in form of Null Pointer exceptions is not useful. We demonstrate the usefulness of issue type prediction through the example of labelling bugfixing commits. Conclusions Issue type prediction can be a useful tool if the use case allows either for a certain amount of missed bug reports or the prediction of too many issues as bug is acceptable.
Marco Servetto - One of the best experts on this subject based on the ideXlab platform.
-
the billion dollar fix safe modular circular initialisation
European Conference on Object-Oriented Programming, 2013Co-Authors: Marco Servetto, Julian Mackay, Alex Potanin, James NobleAbstract:Programmers often need to initialise circular structures of objects. Initialisation should be safe (so that programs can never suffer Null Pointer exceptions or otherwise observe uninitialised values) and modular (so that each part of the circular structure can be written and compiled separately). Unfortunately, existing languages do not support modular circular initialisation: programmers in practical languages resort to Tony Hoare's "Billion Dollar Mistake": initialising variables with Nulls, and then hoping to fix them up afterward. While recent research languages have offered some solutions, none fully support safe modular circular initialisation. We present placeholders, a straightforward extension to object-oriented languages that describes circular structures simply, directly, and modularly. In typed languages, placeholders can be described by placeholder types that ensure placeholders are used safely. We define an operational semantics for placeholders, a type system for placeholder types, and prove soundness. Incorporating placeholders into object-oriented languages should make programs simultaneously simpler to write, and easier to write correctly.
-
the billion dollar fix safe modular circular initialisation with placeholders and placeholder types
European Conference on Object-Oriented Programming, 2013Co-Authors: Marco Servetto, Julian Mackay, Alex Potanin, James NobleAbstract:Programmers often need to initialise circular structures of objects. Ini- tialisation should be safe (so that programs can never suffer Null Pointer exceptions or otherwise observe uninitialised values) and modular (so that each part of the circular structure can be written and compiled separately). Unfortunately, existing languages do not support modular circular initialisation: programmers in practical languages resort to Tony Hoare's "Billion Dollar Mistake": initialising variables with Nulls, and then hoping to fix them up afterward. While recent research lan- guages have offered some solutions, none fully support safe modular circular initialisation. We present placeholders, a straightforward extension to object-oriented lan- guages that describes circular structures simply, directly, and modularly. In typed languages, placeholders can be described by placeholder types that ensure place- holders are used safely. We define an operational semantics for placeholders, a type system for placeholder types, and prove soundness. Incorporating placeholders into object-oriented languages should make programs simultaneously simpler to write, and easier to write correctly.
Jingling Xue - One of the best experts on this subject based on the ideXlab platform.
-
vfix value flow guided precise program repair for Null Pointer dereferences
International Conference on Software Engineering, 2019Co-Authors: Yulei Sui, Hua Yan, Jingling XueAbstract:Automated Program Repair (APR) faces a key challenge in efficiently generating correct patches from a potentially infinite solution space. Existing approaches, which attempt to reason about the entire solution space, can be ineffective (by often producing no plausible patches at all) and imprecise (by often producing plausible but incorrect patches). We present VFix, a new value-flow-guided APR approach, to fix Null Pointer exception (NPE) bugs by considering a substantially reduced solution space in order to greatly increase the number of correct patches generated. By reasoning about the data and control dependences in the program, VFix can identify bug-relevant repair statements more accurately and generate more correct repairs than before. VFix outperforms a set of 8 state-of-the-art APR tools in fixing the NPE bugs in Defects4j in terms of both precision (by correctly fixing 3 times as many bugs as the most precise one and 50% more than all the bugs correctly fixed by these 8 tools altogether) and efficiency (by producing a correct patch in minutes instead of hours).
