Using Static Analysis to Find Bugs

@article{Ayewah2008UsingSA,
  title={Using Static Analysis to Find Bugs},
  author={Nathaniel Ayewah and David Hovemeyer and J. David Morgenthaler and John Penix and William W. Pugh},
  journal={IEEE Software},
  year={2008},
  volume={25}
}
Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static… 
Augmenting Traditional Static Analysis With Commonly Available Metadata
TLDR
This dissertation provides a method for leveraging development metadata to find bugs that would otherwise be difficult to find using standard static analysis tools.
Evaluation of Static Analysis Tools for Finding Vulnerabilities in Java and C/C++ Source Code
TLDR
This paper compares static analysis tools for Java and C/C++ source code, and explores their pros and cons.
Tracking Static Analysis Violations over Time to Capture Developer Characteristics
TLDR
This work presents an approach for tracking static analysis violations over the revision history of a program, and for precisely attributing the introduction and elimination of these violations to individual developers.
Static Detection of Bugs Caused by Incorrect Exception Handling in Java Programs
TLDR
A static analysis method that combines forward flow sensitive analysis and backward path feasibility analysis, to detect bugs caused by incorrect exception handling in Java programs is proposed.
Tracking static analysis violations over time to capture developer characteristics
TLDR
This work presents an approach for tracking static analysis violations over the revision history of a program, and for precisely attributing the introduction and elimination of these violations to individual developers.
Finding bugs in source code using commonly available development metadata
TLDR
This paper provides a method for leveraging development metadata to find bugs that would otherwise be difficult to find using standard static analysis tools, as well as track useful metrics such as number and type of defects injected by committer.
Fixing Vulnerabilities Automatically with Linters
TLDR
Evaluating the experience, it is found that there is enormous potential in using linters to eliminate vulnerabilities in software, due to the relative ease with which linter rules can be implemented and shared to the community.
Static Code Analysis to Detect Software Security Vulnerabilities - Does Experience Matter?
TLDR
It is found that average developers do not correctly identify the security warnings and only developers with specific experiences are better than chance in detecting the security vulnerabilities.
Why don't software developers use static analysis tools to find bugs?
TLDR
Why developers are not widely using static analysis tools and how current tools could potentially be improved are investigated and several implications are discussed, such as the need for an interactive mechanism to help developers fix defects.
On the Real-World Effectiveness of Static Bug Detectors at Finding Null Pointer Exceptions
Static bug detectors aim at helping developers to automatically find and prevent bugs. In this experience paper, we study the effectiveness of static bug detectors at identifying Null Pointer
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 14 REFERENCES
A static analyzer for finding dynamic programming errors
TLDR
A compile‐time analyzer that detects these dynamic errors in large, real‐world programs, and provides valuable contextual information to the programmer who needs to understand and repair the defects.
Evaluating and tuning a static analysis to find null pointer bugs
TLDR
It is shown that simple analysis techniques can be used to identify many software defects, both in production code and in student code, and are able to pinpoint 50% to 80% of the defects leading to a null pointer exception at runtime.
A static analyzer for finding dynamic programming errors
TLDR
The goal of the research reported here was to develop a source code analyzer that could find Purify-like errors with Purify’s ease of use, but without needing test cases, and a new method of analysis was developed, based on simulating the execution of individual functions.
Evaluating static analysis defect warnings on production software
TLDR
FindBugs, a static analysis tool that finds defects in Java programs, is discussed and the kinds of warnings generated and the classification of warnings into false positives, trivial bugs and serious bugs are discussed.
Tracking defect warnings across versions
TLDR
Two different techniques the authors have implemented in FindBugs for tracking defects across versions are discussed, their relative merits and how they can be incorporated into the software development process, and the results of tracking defect warnings across Sun's Java runtime library are discussed.
Secure Programming with Static Analysis
The First Expert Guide to Static Analysis for Software Security!Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost
Finding more null pointer bugs, but not too many
TLDR
FindBugs now reports 4 of the 9 warnings in Tomcat, shows that one of the warnings reported by Reasoning is a false positive, and classifies the remaining 4 as being dependent on the feasibility of a particular path, which cannot be easier ascertained by a local examination of the source code.
Status report on JSR-305: annotations for software defect detection
TLDR
This JSR represents an attempt to satisfy different static analysis tool vendors and address the engineering issues required to make these annotations widely useful.
How to write system-specific, static checkers in metal
TLDR
An overview of the metal language, which is designed to make it easy to construct systemspecific, static analyses, and shows how to write checkers that extract rules to check from the source code itself without the assistance of the programmer.
Uprooting Software Defects at the Source
TLDR
A different type of solution is needed to combat current trends in the software industry that are steadily diminishing the effectiveness of conventional software testing and quality assurance.
...
1
2
...