Tracking bad apples: reporting the origin of null and undefined value errors

  title={Tracking bad apples: reporting the origin of null and undefined value errors},
  author={Michael D. Bond and Nicholas Nethercote and Stephen W. Kent and Samuel Z. Guyer and Kathryn S. McKinley},
  journal={Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems, languages and applications},
  • Michael D. Bond, N. Nethercote, K. McKinley
  • Published 21 October 2007
  • Computer Science
  • Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems, languages and applications
Programs sometimes crash due to unusable values, for example, when Java and C# programs dereference null pointers and when C and C++ programs use undefined values to affect program behavior. A stack trace produced on such a crash identifies the effect of the unusable value, not its cause, and is often not much help to the programmer. This paper presents efficient origin tracking of unusable values; it shows how to record where these values come into existence, correctly propagate them, and… 

Figures and Tables from this paper

Querypoint: moving backwards on wrong values in the buggy execution
As developers debug, they often have to seek the origins of wrong values they see in their debugger. This search must be performed backwards in time since the code causing the wrong value is executed
Debugging by lastChange
A new, practical feature for debuggers called \textit{lastChange}, which automatically locates the last point that a variable or an object property has been changed, which combines the flexibility of breakpoint debugging with the expressive power of log-based query debugging.
Dynamic Error Remediation : A Case Study with Null Pointer Exceptions
This paper describes dynamic error remediation, and its effectiveness, with different strategies for handling the exceptions, and describes origin tracking, a JVM modification which exposes the origin of null values that cause null pointer exceptions.
Uncovering performance problems in Java applications with reference propagation profiling
A novel analysis that profiles the run-time execution to help programmers uncover potential performance problems is presented, and a study of the properties of reference propagation graphs produced by profiling 36 Java programs is presented.
An Automatic Localization Tool for Null Pointer Exceptions
An automatically null pointer exception localization approach guided by stack trace, from the null pointer dereference to the null value assignment point is proposed, and an empirical study is designed to evaluate the effectiveness of the tool on eight open source projects.
Endicheck: Dynamic Analysis for Detecting Endianness Bugs
Endicheck is presented, a dynamic analysis tool for detecting endianness bugs, which is based on the popular Valgrind framework and can successfully identify manyendianness-related bugs and provide useful diagnostic messages together with the source code locations of respective bugs.
VFix: Value-Flow-Guided Precise Program Repair for Null Pointer Dereferences
VFIX is presented, a new value-flow-guided APR approach, to fix null pointer exception (NPE) bugs by considering a substantially reduced solution space in order to greatly increase the number of correct patches generated.
Practical Object-Oriented Back-in-Time Debugging
This paper proposes a practical approach that attempts to keep track of only the relevant data, and keeps object history information together with the regular objects in the application memory so that data not reachable from current application objects is garbage collected.
Valence: variable length calling context encoding
A new compiler-based strategy that significantly reduces the length of calling context encoding with little or no impact on instrumentation costs for many applications and leverages static analysis and variable length instrumentation to record each piece of the calling context using only a small number of bits.
Measuring enforcement windows with symbolic trace interpretation: what well-behaved programs say
It is made the observation that there is a minimal range of code needed to prove a property of interest under an ideal static analysis; this paper creates a dynamic measurement framework that quantifies validation scopes and thus enables designers to rule out insufficient designs at lower cost.


Using Valgrind to Detect Undefined Value Errors with Bit-Precision
Memcheck detects a wide range of memory errors in programs as they run, and improves on that of previous tools by being accurate to the level of individual bits, giving Memcheck a low false positive and false negative rate.
Tracking down software bugs using automatic anomaly detection
The DIDUCE system for Java programs is implemented and applied and suggests that detecting and checking program invariants dynamically is a simple and effective methodology for debugging many different kinds of program errors across a wide variety of application domains.
Evaluating and tuning a static analysis to find null pointer bugs
It is shown that simple analysis techniques can be used to identify many software defects, both in production code and in student code, and are able to pinpoint 50% to 80% of the defects leading to a null pointer exception at runtime.
Fast detection of memory leaks and access errors
Purify's nearly comprehensive memory access checking slows the target program down typically by less than a factor of three and has resulted in significantly more reliable software for several development groups.
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
A novel statistics-based, on-the-fly bug detection method called PC-based invariant detection, which can detect bugs that do not violate any programming rules and that are likely to be missed by many existing tools, and a novel architectural extension called the Check Look-aside Buffer (CLB).
TraceBack: first fault diagnosis by reconstruction of distributed control flow
TraceBack provides debugging information for production systems by providing execution history data about program problems, and uses static, binary program analysis to inject low-overhead runtime instrumentation at control-flow block granularity.
DieHard: probabilistic memory safety for unsafe languages
Analytical and experimental results are presented that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.
Exploiting hardware performance counters with flow and context sensitive profiling
This paper extends previous work on efficient path profiling to flow sensitive profiling, which associates hardware performance metrics with a path through a procedure, and describes a data structure, the calling context tree, that efficiently captures calling contexts for procedure-level measurements.
Redux: A Dynamic Dataflow Tracer
Rx: treating bugs as allergies---a safe method to survive software failures
This paper proposes an innovative safe technique, called Rx, which can quickly recover programs from many types of software bugs, both deterministic and non-deterministic, which requires few to no modifications to applications and provides programmers with additional feedback for bug diagnosis.