Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia.

Published byJohnathan Payne Modified over 8 years ago

Similar presentations

Presentation on theme: "CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia."— Presentation transcript:

1 CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia

2 FindBugs is a static analysis tool for Java used to find warnings about bugs by analyzing the byte code (execution of the code is not required) Searches for bug patterns Claims a false warning rate of less than 50% Free software released under the LGPL Bug detectors can be written using either BCEL or ASM A University of Maryland project that has received funding from Google, Sun Microsystems, NSF, Fortify Software, SureLogic and the IBM Eclipse Innovation award [1]

3 A tool like FindBugs, which is based on a collection of known patterns, is most useful with a complete set of accurate bug detectors at its disposal Our team must learn about how to extend FindBugs by using its extensible design to implement new bug detectors We searched FindBug's SourceForge project page, finding suggestions for new bug detectors from the user community Our goal is to study and implement some of them, hopefully contributing something back to the project Goal: Add more bug detectors

4 Report platform dependent environment (ID: 3147304) Instance initializer notification (ID: 3098258) Generating warnings for implicit sign extending byte values (ID: 3052560) Throwing hashcodes vs Object.toString (ID: 2847861)

5 Example code snippets from feature requests: Feature: Reporting platform dependent environment. o System.getProperty("line.separator") o Calendar.getInstance() or new Date() o Any string operation that uses the default charset of the JVM Feature: Warning for sign-extending byte values. Given the code: byte b = (some val); int i = (int) b; // this will sign- extend // 'b'. Values like 0x81 // will turn into // 0xFFFFFF81.

6 The features proposed will generate following warning output:

7 Looking at source of existing bug detectors is the recommended way of learning how to write one [2] Often use one of the following techniques:  Inspection of class/method/field structure  Micropatterns  Stack-based patterns  Dataflow analysis  Inter-procedural analysis Source: FindBugs tutorials on Google Code [4]

8 Most bug detectors extend: o BytecodeScanningDetector - more flexible, can detect more general problems o BytecodePatternDetector - good choice when pattern can be expressed as a sequence of bytecode patterns (micropatterns) Provides default implementations for methods, or override select methods for new detectors State can be accumulated as bytecode is walked Once the detector is written, it is packaged in a FindBugs plug-in JAR format containing an XML file describing the detector Source: IBM developerWorks, "FindBugs Part 2: Writing custom detectors" [2]

9 [1] FindBugs, URL: http://findbugs.sourceforge.net/http://findbugs.sourceforge.net/ [2] FindBugs Part 2: IBM developerWorks: Writing custom detectors, URL: http://www.ibm.com/developerworks/java/library/j-findbug2/http://www.ibm.com/developerworks/java/library/j-findbug2/ [3] D. Hovemeyer, W.Pugh, "Finding Bugs is Easy", SIGPLAN Notices, December 2004 [4] FindBugs tutorials on Google Code: http://code.google.com/p/findbugs-tutorials

Download ppt "CSE 6329 Project Team 1 Aliasgar Kagalwala Aditya Mone Derek White Dengfeng (Thomas) Xia."

Similar presentations

Extending Eclipse Kai-Uwe Mätzel IBM OTI Labs Zurich

Extending Eclipse Kai-Uwe Mätzel IBM OTI Labs Zurich
CPSC 441 TUTORIAL – JANUARY 16, 2012 TA: MARYAM ELAHI INTRODUCTION TO C.

CPSC 441 TUTORIAL – JANUARY 16, 2012 TA: MARYAM ELAHI INTRODUCTION TO C.
Teachable Static Analysis Workbench by Igor Konnov, Dmitry Kozlov.

Teachable Static Analysis Workbench by Igor Konnov, Dmitry Kozlov.
Programming Paradigms and languages

Programming Paradigms and languages
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
MC697 Object-Oriented Programming Using Java. In this class, we will cover: How the class will be structured Difference between object-oriented programming.

MC697 Object-Oriented Programming Using Java. In this class, we will cover: How the class will be structured Difference between object-oriented programming.
Web Applications Development Using Coldbox Platform Eddie Johnston.

Web Applications Development Using Coldbox Platform Eddie Johnston.
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
Approach for Unit testing with the help of JUnit... Satish Mishra

Approach for Unit testing with the help of JUnit... Satish Mishra
28/1/2001 Seminar in Databases in the Internet Environment Introduction to J ava S erver P ages technology by Naomi Chen.

28/1/2001 Seminar in Databases in the Internet Environment Introduction to J ava S erver P ages technology by Naomi Chen.
RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.

RubyPolish: Static Bug Detection in Ruby Programs John Locke Alex Mont.
Presented by IBM developer Works ibm.com/developerworks/ 2006 January – April © 2006 IBM Corporation. Making the most of Creating Eclipse plug-ins.

Presented by IBM developer Works ibm.com/developerworks/ 2006 January – April © 2006 IBM Corporation. Making the most of Creating Eclipse plug-ins.
1 Plug-in Development Environment (PDE) Guide. 2 Introduction to PDE l What is PDE: »a tool designed to help you develop platform plug-ins while working.

1 Plug-in Development Environment (PDE) Guide. 2 Introduction to PDE l What is PDE: »a tool designed to help you develop platform plug-ins while working.
JSP Architecture  JSP is a simple text file consisting of HTML or XML content along with JSP elements  JSP packages define the interface for the compiled.

JSP Architecture  JSP is a simple text file consisting of HTML or XML content along with JSP elements  JSP packages define the interface for the compiled.
Web Applications Basics. Introduction to Web Web features Clent/Server HTTP HyperText Markup Language URL addresses Web server - a computer program that.

Web Applications Basics. Introduction to Web Web features Clent/Server HTTP HyperText Markup Language URL addresses Web server - a computer program that.
Introduction to the JDK Java for Computational Finance 46-935.

Introduction to the JDK Java for Computational Finance
© 2006 by IBM 1 How to use Eclipse to Build Rich Internet Applications With PHP and AJAX Phil Berkland IBM Software Group Emerging.

© 2006 by IBM 1 How to use Eclipse to Build Rich Internet Applications With PHP and AJAX Phil Berkland IBM Software Group Emerging.
Struts 2.0 an Overview ( )

Struts 2.0 an Overview ( )
Getting Started with Eclipse Sandeep Pasuparthy. What’s Eclipse? It is a free software / open source platform- independent software framework for delivering.

Getting Started with Eclipse Sandeep Pasuparthy. What’s Eclipse? It is a free software / open source platform- independent software framework for delivering.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Similar presentations

Ads by Google