Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P."— Presentation transcript:

1 Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P 11/16/2006

2 Why Simple Programmers make simple mistakes // org.eclipse.jdt.internal.ui.compare.JavaStructureDiffViewer Control c = getControl(); if (c == null && c.isDisposed()) return; Low False Positive Rate Cannot find all bugs 

3 Findbugs

4 INPUTPROCESSINGOUTPUT Set of “.class” files containing byte-code Configurations Bug Pattern Code Source Line Number Descriptive Message Detectors

5 Findbugs DetectorsPROCESSING Independent of each other May share some resources GOAL: Low false positives Each detector is driven by a set of heuristics Know Your Bug Patterns

6 OutputHIGH SEVERE RISK OF PROGRAM FAILURE MEDIUM ELEVATED RISK OF PROGRAM FAILURE LOW LOW RISK OF PROGRAM FAILURE Source: US Department of Program Security

7 Findbugs Detectors PROCESSING Null Pointer Analysis

8 PROCESSING Forward intra-procedural Build Control Flow graph for each method Data-flow Frame Method parmeter, local variable, or stack operand Null NonNull Slot

9 Simple Analysis Detector foo = null; foo.execute(); Dereferencing Null Detector foo = new Detector(…); foo.execute(); Dereferencing NonNull HIGH SEVERE RISK OF PROGRAM FAILURE

10 If only it were that simple… Is a method’s parameter null? void foo(Object obj) { int x = obj.hashcode(); … } Infeasible Paths

11 Guard indirectly connected to null check boolean b; if (p != null) b = true; else b = false; if (b) p.f()

12 Infeasible Paths Assertions p = null;... // throws exception if p null: checkAssertion(p != null); p.f(); // safe

13 Infeasible Paths Checked Exceptions that are never thrown Foo dup = null; try { dup = super.clone(); } catch (CloneNotSupportedException e) { // Can’t happen } dup.contents =...

14 Solution NullNonNullNull and NonNull are not enough No Kaboom NonNull Checked NonNull NonNull NCPNull-E NSP-ENull NSP if (b) { A } else { B } C  ?

15 Solution Dereferencing a variable that has value Null, NSP, … Null-E NSP-ENull NSP … HIGH SEVERE RISK OF PROGRAM FAILURE MEDIUM ELEVATED RISK OF PROGRAM FAILURE LOW LOW RISK OF PROGRAM FAILURE MEDIUM ELEVATED RISK OF PROGRAM FAILURE

16 Solution Choosing a value for a variable after each statement: Statement Value of p p = null Null p = this NonNull p = new... NonNull p = "string" NonNull p = Foo.class NonNull p = q.x NCP p = a[i] NCP p = f() NCP

17 Solution: Infeasible Paths p = null; Null p = new … NonNull NSP Null NCP

18 Solution: Infeasible Paths Null or NSP checkAssertion(p != null) NCP p.f()

19 Solution: Infeasible Paths try { } catch(Exception e) { } NullNSP Null-ENSP-E

20 Comparing a Value to null foo.execute(); if (foo != null) {... } Comparing No-Kaboom to null HIGH SEVERE RISK OF PROGRAM FAILURE

21 Comparing a value to null Detector foo = null; if (foo != null) { foo.execute(); } Comparing Null to null if (foo != null) {... if (foo == null) { foo = new... } Comparing Checked NonNull to null MEDIUM ELEVATED RISK OF PROGRAM FAILURE R.I.P MEDIUM ELEVATED RISK OF PROGRAM FAILURE R.I.P

22 Other Solutions Check for methods that unconditionally dereference parameters Annotations –@NotNull: parameter/return value must not be null –@CheckForNull: check the parameter/return value before dereferencing it

23 Experiments: Student Code With Annotations ProjectNPEWarning FN % Search Tree Web Spider 71 162 38 127 46 21 ProjectWarningNPE FP % Search Tree Web Spider 40 129 36 101 10 21

24 Experiments: Student Code Without Annotations ProjectNPEWarning FN % Search Tree Web Spider 71 162 1 47 98 70 ProjectWarningNPE FP % Search Tree Web Spider 2 77 2 75 0202

25 Experiments: Production Code Cannot calc. false negatives!  Warning typeSeriousFalse FP % Null dereference No-Kaboom RCN Other RCN 73 33 15 16 15 17 18 31 53 Eclipse 3.0.1

26 Conclusion More inter-procedural techniques could find more bugs But often finding simple bugs with low FP rate is effective

Download ppt "Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs David Hovemeyer, Jaime Spacco, and William Pugh Presented by Nathaniel Ayewah CMSC838P."

Similar presentations

1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.

1. Define the concept of assertions. 1 Explain the use of assertions. 2 Create Java program using assertions. 3 Run Java program using assertions. 4 2.
Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Compilation 2007 Code Generation Michael I. Schwartzbach BRICS, University of Aarhus.

Compilation 2007 Code Generation Michael I. Schwartzbach BRICS, University of Aarhus.
CMSC 202 Exceptions 2 nd Lecture. Aug 7, 20072 Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =

CMSC 202 Exceptions 2 nd Lecture. Aug 7, Methods may fail for multiple reasons public class BankAccount { private int balance = 0, minDeposit =
Chapter 8Java: an Introduction to Computer Science & Programming - Walter Savitch 1 Chapter 8 l Basic Exception Handling »the mechanics of exceptions l.

Chapter 8Java: an Introduction to Computer Science & Programming - Walter Savitch 1 Chapter 8 l Basic Exception Handling »the mechanics of exceptions l.
SE-1020 Dr. Mark L. Hornick 1 Exceptions and Exception Handling.

SE-1020 Dr. Mark L. Hornick 1 Exceptions and Exception Handling.
Lesson 16 Exceptions Lesson 14 -- Exceptions1. Murphy’s Law Anything that can go wrong will go wrong Lesson 14 -- Exceptions2.

Lesson 16 Exceptions Lesson Exceptions1. Murphy’s Law Anything that can go wrong will go wrong Lesson Exceptions2.
1 / 89 COP 3503 FALL 2012 SHAYAN JAVED LECTURE 11 Programming Fundamentals using Java 1.

1 / 89 COP 3503 FALL 2012 SHAYAN JAVED LECTURE 11 Programming Fundamentals using Java 1.
Find Bugs is Easy By- David H. Hovemeyer & William Pugh Summary by- Sahul Peermohammed.

Find Bugs is Easy By- David H. Hovemeyer & William Pugh Summary by- Sahul Peermohammed.
Lecture 27 Exceptions COMP1681 / SE15 Introduction to Programming.

Lecture 27 Exceptions COMP1681 / SE15 Introduction to Programming.
Java Exceptions. Intro to Exceptions  What are exceptions? –Events that occur during the execution of a program that interrupt the normal flow of control.

Java Exceptions. Intro to Exceptions  What are exceptions? –Events that occur during the execution of a program that interrupt the normal flow of control.
RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.

RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.
1 CMSC 132: Object-Oriented Programming II Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.

1 CMSC 132: Object-Oriented Programming II Nelson Padua-Perez William Pugh Department of Computer Science University of Maryland, College Park.
Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.

Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.
Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.

Exceptions. Many problems in code are handled when the code is compiled, but not all Some are impossible to catch before the program is run  Must run.
CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia.

CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia.
Unit Testing & Defensive Programming. F-22 Raptor Fighter.

Unit Testing & Defensive Programming. F-22 Raptor Fighter.
Crystal-izing Sophisticated Code Analyses Ciera Jaspan Kevin Bierhoff Jonathan Aldrich

Crystal-izing Sophisticated Code Analyses Ciera Jaspan Kevin Bierhoff Jonathan Aldrich
Java. Why Java? It’s the current “hot” language It’s almost entirely object-oriented It has a vast library of predefined objects It’s platform independent.

Java. Why Java? It’s the current “hot” language It’s almost entirely object-oriented It has a vast library of predefined objects It’s platform independent.

Similar presentations

Ads by Google