Skip to content
University of Maryland LibrariesDigital Repository at the University of Maryland
    • Login
    View Item 
    •   DRUM
    • Theses and Dissertations from UMD
    • UMD Theses and Dissertations
    • View Item
    •   DRUM
    • Theses and Dissertations from UMD
    • UMD Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Simple and Effective Static Analysis to Find Bugs

    Thumbnail
    View/Open
    umi-umd-2689.pdf (586.3Kb)
    No. of downloads: 2753

    Date
    2005-07-28
    Author
    Hovemeyer, David
    Advisor
    Pugh, William W
    Metadata
    Show full item record
    Abstract
    Much research in recent years has focused on using static analysis to find bugs in software. Many new approaches employing sophisticated program analysis techniques---inter-procedural, context-sensitive, or path-sensitive---have been developed. However, comparatively little work has been done on determining what bugs can be found using <i>simple</i> analysis techniques. We have found that simple static analysis techniques are effective at finding hundreds or thousands of serious software defects in several large commercial software applications. In our research, we have attempted to characterize the bugs that can be found in production software using simple analysis techniques. Examples of simple analysis techniques include inspection of class hierarchies and method signatures, sequential scanning of program instructions using a state machine recognizer, intra-procedural dataflow analysis, and flow-insensitive whole program analysis. To determine what bugs may be found using these techniques, we performed <i>bug-driven</i> research. Starting from examples of real bugs, we tried to develop simple analysis techniques to find similar bugs. Using this approach, we found a large number of serious bugs in production applications and libraries with a relatively low percentage of false positives. The types of bugs our analysis uncovered in production code include null pointer dereferences, infinite recursive loops, data races, deadlocks, and missed thread notifications. One product of this work is a static analysis tool called FindBugs, which analyzes Java programs at the bytecode level. We have distributed FindBugs under an open-source license, and it has been widely adopted by commercial organizations and open-source projects. FindBugs has been downloaded more than 110,000 times since its initial release. Our work makes several contributions to the field. First, we have cataloged many commonly-occurring bug patterns, described effective ways of finding occurrences of those patterns automatically, and classified common reasons why these bugs occur. Second, we have measured the accuracy of our bug detectors on production software and student programming projects, validating the effectiveness of the underlying static analysis techniques. Finally, we have described techniques for determining when static analysis warnings are added or removed as software evolves.
    URI
    http://hdl.handle.net/1903/2901
    Collections
    • Computer Science Theses and Dissertations
    • UMD Theses and Dissertations

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility
     

     

    Browse

    All of DRUMCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

    My Account

    LoginRegister
    Pages
    About DRUMAbout Download Statistics

    DRUM is brought to you by the University of Maryland Libraries
    University of Maryland, College Park, MD 20742-7011 (301)314-1328.
    Please send us your comments.
    Web Accessibility