Finding Bugs is Easy
Ballroom C
Wednesday, 11:15, 45 minutes | 7 | · | 8 | · | 9 | · | 10 | · | 11 | · | 12 | · | 13 | · | 14 | · | 15 | · | 16 | · | 17 | · | 18 | · | 19 | · | 20 | · | 21 |
David Hovemeyer, University of Maryland
William Pugh, University of Maryland
Many techniques have been developed over the years to
automatically find bugs in software. Often, these
techniques rely on formal methods and sophisticated
program analysis. While these techniques are valuable,
they can be diffcult to apply, and they aren?t always
effective in finding real bugs.
Bug patterns are code idioms that are often errors. We have
implemented automatic detectors for a variety of bug patterns
found in Java programs. In this paper, we describe
how we have used bug pattern detectors to find real bugs in
several real-world Java applications and libraries. We have
found that the effort required to implement a bug pattern
detector tends to be low, and that even extremely simple
detectors find bugs in real applications.
From our experience applying bug pattern detectors to real
programs, we have drawn several interesting conclusions.
First, we have found that even well tested code written
by experts contains a surprising number of obvious bugs.
Second, Java (and similar languages) have many language
features and APIs which are prone to misuse. Finally, that
simple automatic techniques can be effective at countering
the impact of both ordinary mistakes and misunderstood
language features.
|
