research-article

Using Static Analysis to Find Bugs

Authors:
Nathaniel Ayewah

University of Maryland, College Park

University of Maryland, College Park
View Profile

,
David Hovemeyer

York College of Pennsylvania

York College of Pennsylvania
View Profile

,
J. David Morgenthaler

Google

Google
View Profile

,
John Penix

Google

Google
View Profile

,
William Pugh

University of Maryland, College Park

University of Maryland, College Park
View Profile

IEEE Software Volume 25 Issue 5September 2008pp 22–29https://doi.org/10.1109/MS.2008.130

Published:01 September 2008Publication History

IEEE Software

Abstract

Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and experiences using it in production settings. FindBugs evaluates what kinds of defects can be effectively detected with relatively simple techniques and helps developers understand how to incorporate such tools into software development.

Index Terms

Using Static Analysis to Find Bugs
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. System management
        Quality assurance
2. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
  2. Software notations and tools
    1. General programming languages
      1. Language types

Recommendations

The Google FindBugs fixit
ISSTA '10: Proceedings of the 19th international symposium on Software testing and analysis

In May 2009, Google conducted a company wide FindBugs "fixit". Hundreds of engineers reviewed thousands of FindBugs warnings, and fixed or filed reports against many of them. In this paper, we discuss the lessons learned from this exercise, and analyze ...
Read More
Finding more null pointer bugs, but not too many
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

In the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by ...
Read More
Finding bugs in eclipse
OOPSLA '07: Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion

This will be a live demonstration of FindBugs, a static analysis bug finding tool, on the current development version of Eclipse 3.4. FindBugs reports issues such as null pointer dereferences, comparing incompatible types with equals, invalid method ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in

IEEE Software Volume 25, Issue 5
September 2008
92 pages
ISSN:0740-7459
Issue’s Table of Contents

Copyright © 2008
Sponsors
In-Cooperation
Publisher
IEEE Computer Society Press
Washington, DC, United States
Publication History
- Published: 1 September 2008
Author Tags
FindBugs
bug patterns
code quality
software defects
software quality
static analysis
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 157
  Total Citations
  View Citations
- 0
  Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

Using Static Analysis to Find Bugs

IEEE Software

Abstract

Cited By

Index Terms

Recommendations

The Google FindBugs fixit

Finding more null pointer bugs, but not too many

Finding bugs in eclipse

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

Digital Edition

Caption

Using Static Analysis to Find Bugs

IEEE Software

Abstract

Cited By

Index Terms

Recommendations

The Google FindBugs fixit

Finding more null pointer bugs, but not too many

Finding bugs in eclipse

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

Digital Edition

Share this Publication link

Share on Social Media