skip to main content
article

Finding bugs is easy

Published:01 December 2004Publication History
Skip Abstract Section

Abstract

Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they aren't always effective in finding real bugs.Bug patterns are code idioms that are often errors. We have implemented automatic detectors for a variety of bug patterns found in Java programs. In this paper, we describe how we have used bug pattern detectors to find serious bugs in several widely used Java applications and libraries. We have found that the effort required to implement a bug pattern detector tends to be low, and that even extremely simple detectors find bugs in real applications.From our experience applying bug pattern detectors to real programs, we have drawn several interesting conclusions. First, we have found that even well tested code written by experts contains a surprising number of obvious bugs. Second, Java (and similar languages) have many language features and APIs which are prone to misuse. Finally, that simple automatic techniques can be effective at countering the impact of both ordinary mistakes and misunderstood language features.

References

  1. E. Allen. Bug Patterns In Java. APress, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Apache Ant, http://ant.apache.org/, 2004.Google ScholarGoogle Scholar
  3. C. Artho and A. Biere. Applying static analysis to large-scale, multi-threaded Java. In Proceedings of the 13th Australian Software Engineering Conference, pages 68--75, August 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. K. Ashcraft and D. Engler. Using programmer-written compiler extensions to catch security holes. In IEEE Symposium on Security and Privacy, Oakland, California, May 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. G. Back and D. Engler. MJ: A system for constructing bug-finding analyses for Java. http://www.stanford.edu/~gback/gback-icse2004.pdf, 2003.Google ScholarGoogle Scholar
  6. T. Ball and S. K. Rajamani. The SLAM project: Debugging system software via static analysis. In Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 1--3, Portland, Oregon, Jan. 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. The Byte Code Engineering Library, http://jakarta.apache.org/bcel/, 2004.Google ScholarGoogle Scholar
  8. J. Bloch. Effective Java Programming Language Guide. Addison-Wesley, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Software---Practice & Experience, 30:775--802, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. CheckStyle, http://checkstyle.sourceforge.net, 2004.Google ScholarGoogle Scholar
  11. J.-D. Choi, K. Lee, A. Loginov, R. O'Callahan, V. Sarkar, and M. Sridharan. Efficient and precise datarace detection for multithreaded object-oriented programs. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, July 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. A. Chou, J. Yang, B. Chelf, S. Hallem, and D. R. Engler. An empirical study of operating system errors. In Symposium on Operating Systems Principles, pages 73--88, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. R. F. Crew. ASTLOG: A language for examining abstract syntax trees. In USENIX Conference on Domain Specific Languages, pages 229--241, Santa Barbara, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. M. C. Daconta, E. Monk, J. P. Keller, and K. Bohnenberger. Java Pitfalls. John Wiley & Sons, Inc., 2000.Google ScholarGoogle Scholar
  15. M. Das, S. Lerner, and M. Seigle. ESP: path-sensitive program verification in polynomial time. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 57--68, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. DrJava, http://www.drjava.org/, 2004.Google ScholarGoogle Scholar
  17. A. Druin, B. Bederson, A. Weeks, A. Farber, J. Grosjean, M. Guha, J. Hourcade, J. Lee, S. Liao, K. Reuter, A. Rose, Y. Takayama, L., and L. Zhang. The international children's digital library: Description and analysis of first use. Technical Report HCIL-2003-02, Human-Computer Interaction Lab, Univ. of Maryland, January 2003.Google ScholarGoogle ScholarCross RefCross Ref
  18. Eclipse, http://www.eclipse.org/, 2004.Google ScholarGoogle Scholar
  19. D. Engler and K. Ashcraft. Racerx: Effective, static detection of race conditions and deadlocks. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 237--252. ACM Press, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego, CA, Oct. 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin. Dynamically discovering likely program invariants to support program evolution. IEEE Transactions in Software Engineering, 27(2):1--25, Feb. 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. D. Evans. Static detection of dynamic memory errors. In Proceedings of the 1996 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 44--53, Philadelphia, Pennsylvania, May 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. D. Evans, J. Guttag, J. Horning, and Y. M. Tan. LCLint: A tool for using specifications to check code. In Proceedings of the ACM SIGSOFT '94 Symposium on the Foundations of Software Engineering, pages 87--96, 1994. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 234--245, Berlin, Germany, June 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. J. S. Foster, M. Fähndrich, and A. Aiken. A theory of type qualifiers. In Proceedings of the 1999 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 192--203, Atlanta, Georgia, May 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. J. S. Foster, T. Terauchi, and A. Aiken. Flow-sensitive type qualifiers. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 1--12, Berlin, Germany, June 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. GNU Classpath, http://www.gnu.org/software/classpath/, 2004.Google ScholarGoogle Scholar
  28. S. Hallem, B. Chelf, Y. Xie, and D. Engler. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 69--82, Berlin, Germany, June 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. S. Hangal and M. S. Lam. Tracking down software bugs using automatic anomaly detection. In Proceedings of the International Conference on Software Engineering, pages 291--301, May 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. D. Hovemeyer and W. Pugh. Finding concurrency bugs in Java. In Proceedings of the PODC Workshop on Concurrency and Synchronization in Java Programs, St. John's, Newfoundland, Canada, July 2004.Google ScholarGoogle Scholar
  31. Java(tm) 2 Platform, Standard Edition, http://java.sun.com/j2se/, 2004.Google ScholarGoogle Scholar
  32. Collected java practices. http://www.javapractices.com.Google ScholarGoogle Scholar
  33. JBoss, http://www.jboss.org/, 2004.Google ScholarGoogle Scholar
  34. jEdit, http://www.jedit.org/, 2004.Google ScholarGoogle Scholar
  35. S. Johnson, Lint, a C program checker. In UNIX Programmer's Supplementary Documents Volume 1 (PS1), April 1986.Google ScholarGoogle Scholar
  36. T. Kremenek and D. R. Engler. Z-ranking: Using statistical analysis to counter the impact of static analysis approximations. In Proceedings of Static Analysis, 10th International Symposium, SAS 2003, San Diego, CA, USA, pages 295--315, June 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Y. A. Liu, T. Rothamel, F. Yu, S. Stoller, and N. Hu. Parametric regular path queries. In Proceedings of the 2004 ACM SIGPLAN Conference on Programming Language Design and Implementation, Washington, D.C., USA, June 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. PMD, http://pmd.sourceforge.net, 2004.Google ScholarGoogle Scholar
  39. W. Pugh. The double checked locking is broken declaration. http://www.cs.umd.edu/users/pugh/java/memory-Model/DoubleCheckedLocking.html, July 2000.Google ScholarGoogle Scholar
  40. N. Rutar, C. Almazan, and J. S. Foster. A comparison of bug finding tools for Java. In Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Saint-Malo, France, November 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computer Systems, 15(4):391--411, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. D. Schmidt and T. Harrison. Double-checked locking: An Optimization pattern for efficiently initializing and accessing thread-safe objects. In 3rd Annual Pattern Languages of Program Design Conference, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th Usenix Security Symposium, Washington, D.C., Aug. 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. N. Sterling. WARLOCK --- a static data race analysis tool. In Proceedings of the USENIX Annual Technical Conference, pages 97--106, Winter 1993.Google ScholarGoogle Scholar
  45. B. Tate. Bitter Java. Manning Publications, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Y. Xie and D. Engler. Using redundancies to find errors. In Proceedings of the ACM SIGSOFT International Symposium on the Foundations of Software Engineering, November 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Finding bugs is easy
        Index terms have been assigned to the content through auto-classification.

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM SIGPLAN Notices
          ACM SIGPLAN Notices  Volume 39, Issue 12
          December 2004
          116 pages
          ISSN:0362-1340
          EISSN:1558-1160
          DOI:10.1145/1052883
          Issue’s Table of Contents

          Copyright © 2004 Authors

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 1 December 2004

          Check for updates

          Qualifiers

          • article

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader