Presentation is loading. Please wait.

Presentation is loading. Please wait.

Static Analysis Tools Emerson Murphy-Hill. A Comparison of Bug Finding Tools for Java Bug pattern detection PMD FindBugs JLint Theorem proving [involves.

Published byLaurence Leonard Modified over 8 years ago

Similar presentations

Presentation on theme: "Static Analysis Tools Emerson Murphy-Hill. A Comparison of Bug Finding Tools for Java Bug pattern detection PMD FindBugs JLint Theorem proving [involves."— Presentation transcript:

1 Static Analysis Tools Emerson Murphy-Hill

2 A Comparison of Bug Finding Tools for Java Bug pattern detection PMD FindBugs JLint Theorem proving [involves annotation] ESC/Java 2 Model checking [involves annotation] Bandera Result: little overlap in the warning generated by the tools & no correlation between the warning count and the tool  always be a need for multiple separate tools

3 [Rutar et al.]

4 FindBugs 400+ bug pattern detectors Single-threaded correctness issue Thread/synchronization correctness issue Performance issue Security and vulnerability to malicious untrusted code [Hovermeyer/Pugh]

5 References Chess, Brian and McGraw, G. Static Analysis for Security, IEEE Security & Privacy, Nov/Dec 2004. Hovermeyer, David and Pugh, William, Finding Bugs is Easy, OOPSLA 2004 Rutar, N., Almazan, C., and Foster, J., A Comparison of Bug Finding Tools for Java, ISSRE 2004. http://findbugs.sourceforge.net/ http://findbugs.sourceforge.net/manual/eclipse.html

Download ppt "Static Analysis Tools Emerson Murphy-Hill. A Comparison of Bug Finding Tools for Java Bug pattern detection PMD FindBugs JLint Theorem proving [involves."

Similar presentations

Static Analysis for Security

Static Analysis for Security
Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1.

Type-based Taint Analysis for Java Web Applications Wei Huang, Yao Dong and Ana Milanova Rensselaer Polytechnic Institute 1.
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.
Code Reviews James Walden Northern Kentucky University.

Code Reviews James Walden Northern Kentucky University.
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
A Metric for Evaluating Static Analysis Tools Katrina Tsipenyuk, Fortify Software Brian Chess, Fortify Software.

A Metric for Evaluating Static Analysis Tools Katrina Tsipenyuk, Fortify Software Brian Chess, Fortify Software.
Static Code Analysis to Find Bugs Wright.edu CS7140 Spring 2013 (Slides collected from many sources)

Static Code Analysis to Find Bugs Wright.edu CS7140 Spring 2013 (Slides collected from many sources)
Cole Cecil. Peer Code Review 2 Why do a peer code review? Find defects earlier Find different kinds of defects Share knowledge among peers Maintainability.

Cole Cecil. Peer Code Review 2 Why do a peer code review? Find defects earlier Find different kinds of defects Share knowledge among peers Maintainability.
Static Analysis of the VoteHere VHTi Reference Implementation Using Flawfinder and RATS Markus Dale December 2005.

Static Analysis of the VoteHere VHTi Reference Implementation Using Flawfinder and RATS Markus Dale December 2005.
Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P.

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P.
MULTIVIE W Slide 1 (of 21) Removing Duplication from java.io: a Case Study using Traits Emerson R. Murphy-Hill, Philip J. Quitslund, Andrew P. Black Maseeh.

MULTIVIE W Slide 1 (of 21) Removing Duplication from java.io: a Case Study using Traits Emerson R. Murphy-Hill, Philip J. Quitslund, Andrew P. Black Maseeh.
An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.

An overview of JML tools and applications Lilian Burdy Gemplus Yoonsik Cheon, Gary Leavens Iowa Univ. David Cok Kodak Michael Ernst MIT Rustan Leino Microsoft.
Memories of Bug Fixes Sunghun Kim, Kai Pan, and E. James Whitehead Jr., University of California, Santa Cruz Presented By Gleneesha Johnson CMSC 838P,

Memories of Bug Fixes Sunghun Kim, Kai Pan, and E. James Whitehead Jr., University of California, Santa Cruz Presented By Gleneesha Johnson CMSC 838P,
RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.

RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
SOFTWARE SECURITY TESTING IS IMPORTANT, DIFFERENT AND DIFFICULT Review by Rayna Burgess 4/21/2011.

SOFTWARE SECURITY TESTING IS IMPORTANT, DIFFERENT AND DIFFICULT Review by Rayna Burgess 4/21/2011.
Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.

Dynamically Discovering Likely Program Invariants to Support Program Evolution Michael D. Ernst, Jake Cockrell, William G. Griswold, David Notkin Presented.
JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.

JML TOOLS REVIEW & EVALUATION Chris Grosshans Mark Lewis-Prazen.
Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.

Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.

Similar presentations

Ads by Google