finding bugs is easy
play

Finding Bugs is Easy David Hovemeyer and William Pugh October 27, - PowerPoint PPT Presentation

Mar 01, 2023 •512 likes •1.02k views

Introduction Bug Patterns Evaluation Conclusions Finding Bugs is Easy David Hovemeyer and William Pugh October 27, 2004 David Hovemeyer and William Pugh Finding Bugs is Easy Introduction Bug Patterns The problem Evaluation Static

  1. Introduction Bug Patterns Evaluation Conclusions Finding Bugs is Easy David Hovemeyer and William Pugh October 27, 2004 David Hovemeyer and William Pugh Finding Bugs is Easy

  2. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Introduction Bug Patterns Evaluation Conclusions David Hovemeyer and William Pugh Finding Bugs is Easy

  3. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Bugs in software Programmers are smart We have good techniques (e.g., unit testing, pair programming, code inspections) for finding bugs early So, most bugs remaining in production code must be subtle, and require sophisticated techniques to find Right? David Hovemeyer and William Pugh Finding Bugs is Easy

  4. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Apache Ant 1.6.2, org.apache.tools.ant.taskdefs.optional.metamata.MAudit if (out == null) { try { out.close(); } catch (IOException e) { } } David Hovemeyer and William Pugh Finding Bugs is Easy

  5. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Eclipse 3.0.1, org.eclipse.update.internal.core.ConfiguredSite if (in == null) try { in.close(); } catch (IOException e1) { } David Hovemeyer and William Pugh Finding Bugs is Easy

  6. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions JBoss 4.0.0RC1, org.jboss.mq.xml.XElement if ( split[0].equals( null ) ) { return this; } JBoss 4.0.0RC1, org.jboss.cache.TreeCache int treeNodeSize=fqn.size(); if(fqn == null) return null; David Hovemeyer and William Pugh Finding Bugs is Easy

  7. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions J2SE version 1.5 build 63 (released version), java.lang.annotation.AnnotationTypeMismatchException public String foundType() { return this.foundType(); } David Hovemeyer and William Pugh Finding Bugs is Easy

  8. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Software contains bugs Lots of obvious bugs find their way into production software Testing and code inspections won’t find every bug Very hard to get high test coverage for a large system Limits to frequency, completeness of code inspections Techniques to find more bugs automatically are valuable David Hovemeyer and William Pugh Finding Bugs is Easy

  9. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Static analysis Let the computer figure out where (some of) the bugs are Much work has been done on static analysis to find bugs Lint, PREfix, PREfast, FxCop, MC/Metal, ESC/Java, Cqual Many other tools, papers, techniques However, static bug checking not used nearly as widely as testing, code inspections We think it should be! David Hovemeyer and William Pugh Finding Bugs is Easy

  10. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Static analysis challenges Fundamental limits to static analysis Nontrivial properties of programs are undecidable Choice: what to do when confronted by a difficult analysis problem Be consistently conservative: could choose to Never miss a real bug (but report some false positives) Never report a false positive (but miss some real bugs) Guess a “likely” behavior Both false positives and false negatives are possible But, may be able to get better accuracy overall David Hovemeyer and William Pugh Finding Bugs is Easy

  11. Introduction Bug Patterns The problem Evaluation Static analysis Conclusions Bugs vs. style It is important to distinguish bug checkers from style checkers Style checkers warn about dubious or dangerous coding idioms: however, instances of those idioms may not be particularly likely to be a bug Bug checkers warn about code idioms that are likely to be acutal bugs Style checkers useful for enforcing consistent coding standards Help prevent certain kinds of bugs David Hovemeyer and William Pugh Finding Bugs is Easy

  12. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Introduction Bug Patterns Evaluation Conclusions David Hovemeyer and William Pugh Finding Bugs is Easy

  13. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Bug-driven bug finding When a bug is found, a good developer will: Fix it Add a dynamic check or test case to make sure the bug cannot reoccur Why not take this idea a step further? Write a static bug checker to find occurences of similar bugs elsewhere in the program, or in other programs David Hovemeyer and William Pugh Finding Bugs is Easy

  14. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Bug patterns Many bugs share common characteristics These common characteristics form bug patterns Can often be detected using simple analysis techniques Consequences of imprecision: May miss some real bugs May report false warnings David Hovemeyer and William Pugh Finding Bugs is Easy

  15. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Genesis of a bug pattern Bug arose in intro programming course class WebSpider { /** Construct a new WebSpider */ public WebSpider(boolean isDFS, int limit) { WebSpider spider = new WebSpider(isDFS, limit); } Bug is unconditional self-recursive invocation: infinite loop Checked, 4 other students had similar bugs Wrote detector to find unconditional self-recursion; ran it on JDK1.5 rt.jar to ensure it wasn’t generating false positives Found 3 real bugs! David Hovemeyer and William Pugh Finding Bugs is Easy

  16. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Static analysis philosophy Two approaches to devising a static analysis to find bugs: 1. Given an analysis technique, figure out what bugs it could find 2. Given a bug, figure out an analysis that could be used to find occurrences of similar bugs David Hovemeyer and William Pugh Finding Bugs is Easy

  17. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities The FindBugs tool We have implemented automatic detectors for about 50 bug patterns in a tool called FindBugs Open source http://findbugs.sourceforge.net Analyzes Java bytecode using Apache BCEL library Bytecode is easy to analyze Tool continues to work in the face of language changes (e.g., new Java 1.5 language features) David Hovemeyer and William Pugh Finding Bugs is Easy

  18. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Implementing a bug pattern detector Implementation steps: 1. Think of the simplest technique that would find occurrences of the bug 2. Implement it 3. Apply it to real software Hopefully find some real bugs Will probably produce some false warnings 4. Add heuristics to reduce percentage of false warnings Our experience: new detectors can usually be implemented quickly (somewhere between a few minutes and a few days) Often, detectors find more bugs than you would expect David Hovemeyer and William Pugh Finding Bugs is Easy

  19. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Implementation techniques We use various kinds of analysis in implementing detectors: Examination of method names, signatures, class hierarchy Linear scan of bytecode instructions using a state machine Method control flow graphs, dataflow anlysis No interprocedural flow analysis or sophisticated heap analysis David Hovemeyer and William Pugh Finding Bugs is Easy

  20. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Categories Categories of bug patterns Correctness Multithreaded correctness Malicious code vulnerability Efficiency and design Will we describe a few of the patterns and show some examples of bugs found See paper, website for more bug patterns David Hovemeyer and William Pugh Finding Bugs is Easy

  21. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Correctness bugs David Hovemeyer and William Pugh Finding Bugs is Easy

  22. Overview Introduction Implementation Bug Patterns Correctness bugs Evaluation Multithreaded correctness bugs Conclusions Malicious code vulnerabilities Hashcode/Equals Equal objects must have equal hash codes Programmers sometimes override equals() but not hashCode() Or, override hashCode() but not equals() Objects violating the contract won’t work in hash tables, maps, sets Example (JDK 1.5 build 59): javax.management.Attribute Warnings: 55 in rt.jar 1.5-b59, 170 in eclipse-3.0 David Hovemeyer and William Pugh Finding Bugs is Easy

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?!

Failure is not an option * A journey through software bugs Philippe Biondi Nov 20 th 2015 / GreHack Failure is not an option * Outline Bugs! 1 Avoiding and Finding bugs 2 Bugs still happen 3 Why do bugs still happen ?! 4 Living with bugs

966 views • 63 slides
Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for

Finding Bugs Last time Run-time reordering transformations Today Program Analysis for finding bugs, especially security bugs problem specification motivation approaches remaining issues CS553 Lecture Finding Bugs 2

461 views • 8 slides
220 Maintainability: How easy is it to make changes and fix bugs? Testability: How easy is it to

220 Maintainability: How easy is it to make changes and fix bugs? Testability: How easy is it to

220 Maintainability: How easy is it to make changes and fix bugs? Testability: How easy is it to check for correctness and monitor and adapt the running system? Affordability: How much does it cost to develop and to run? Understandability: Can new

600 views • 47 slides
1 Example Bugs Type Qualifiers [Shankar, et al 01] Idea null dereference Add tainted and

1 Example Bugs Type Qualifiers [Shankar, et al 01] Idea null dereference Add tainted and

Finding Bugs Problem Last time What is a bug? a path in the code that causes a run-time exception Alias/Pointer analysis a path through the code that causes incorrect results Today Issues Program Analysis for finding bugs,

214 views • 4 slides
1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

1 Bug Triage Regression Testing Decide which bugs to fix Good: rerun the test that failed

What is a bug? Formally, a software defect A Bugs life SUT fails to perform to spec SUT causes something else to fail SUT functions, but does not satisfy Finding and Managing Bugs usability criteria CSE 403 If the

643 views • 3 slides
Finding variability bugs in Linux Iago Abal Rivas IT Universitetet i Kbenhavn Joint work with

Finding variability bugs in Linux Iago Abal Rivas IT Universitetet i Kbenhavn Joint work with

Finding variability bugs in Linux Iago Abal Rivas IT Universitetet i Kbenhavn Joint work with Andrzej Wsowski and Claus Brabrand FOSD Meeting 2014 1 / 28 Agenda 40 variability bugs in Linux: A Qualitative Study (10m) Method Example

540 views • 36 slides
Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More

Defect Detection Thomas Zimmermann The First Bug September 9, 1947 More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs More Bugs Facts on Debugging Software bugs are

840 views • 63 slides
Testing Test Cases: Finding Errors Bug : Error in a program. (Always expect them!)

Testing Test Cases: Finding Errors Bug : Error in a program. (Always expect them!)

Mini-Lecture 9 Testing Test Cases: Finding Errors Bug : Error in a program. (Always expect them!) Debugging : Process of finding bugs and removing them. Testing : Process of analyzing, running program, looking for bugs. Test

365 views • 13 slides
Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh

Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh

Razzer: Finding Kernel Race Bugs thro ugh Fuzzing Dae R. Jeong Kyungtae Kim Basavesh Shivakumar Byoungyoung Lee Insik Shin Korea Advanced Institute of Science and Technology Seoul National University Purdue

3.64k views • 23 slides
Finding Rare Concurrent Programming Bugs An Automatic , Symbolic , Randomized , and Parallelizable

Finding Rare Concurrent Programming Bugs An Automatic , Symbolic , Randomized , and Parallelizable

ICTAC 2018 15 th International Colloquium on Theoretical Aspects of Computing Stellenbosch, South Africa, Oct 19, 2018 Finding Rare Concurrent Programming Bugs An Automatic , Symbolic , Randomized , and Parallelizable Approach Gennaro Parlato

818 views • 59 slides
From LNK to RCE Finding bugs in Windows Shell Link Parser Lays Who am I - Lays Senior

From LNK to RCE Finding bugs in Windows Shell Link Parser Lays Who am I - Lays Senior

From LNK to RCE Finding bugs in Windows Shell Link Parser Lays Who am I - Lays Senior Researcher at TeamT5 Focus on Reverse Engineering / Vulnerability Research MSRC Most Valuable Security Researcher 2019 / 2020 Acknowledged by

1.31k views • 103 slides
Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework Seulbae Kim, Meng Xu *

Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework Seulbae Kim, Meng Xu *

Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework Seulbae Kim, Meng Xu * , Sanidhya Kashyap * , Jungyeon Yoon, Wen Xu, Taesoo Kim * On the job market Demonstration Fuzzing F2FS in Linux v5.0-rc7 for crash consistency

943 views • 75 slides
Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, Taesoo Kim Georgia Institute of Technology School of Computer Science Two promising approaches to make

1.25k views • 85 slides
FUSE: Finding File Upload Bugs via Penetration Testing Taekjin Lee, Seongil Wi , Suyoung Lee,

FUSE: Finding File Upload Bugs via Penetration Testing Taekjin Lee, Seongil Wi , Suyoung Lee,

FUSE: Finding File Upload Bugs via Penetration Testing Taekjin Lee, Seongil Wi , Suyoung Lee, Sooel Son KAIST Upload Functionality Sharing user-provided content has become a de facto standard feature of modern web applications 2 File

995 views • 61 slides
Finding Bugs the Rube-Goldberg Way Ruxcon 2014 mark.brand@datacom.com.au/c01db33f@gmail.com Me

Finding Bugs the Rube-Goldberg Way Ruxcon 2014 mark.brand@datacom.com.au/c01db33f@gmail.com Me

Finding Bugs the Rube-Goldberg Way Ruxcon 2014 mark.brand@datacom.com.au/c01db33f@gmail.com Me Work - Datacom TSS - pentesting/code auditing/research Play - Same as last year :-P - When I have time, its nice to try and break things.

469 views • 21 slides
Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez,

Finding Crash-Consistency Bugs with Bounded Black-Box Testing Jayashree Mohan , Ashlie Martinez, Soujanya Ponnapalli, Pandian Raju, Vijay Chidambaram Crashes I crashed This is very File saved! important File missing Image

878 views • 87 slides
SSHRC, NSERC, and CIHR Canada Graduate Scholarships Masters (CGS-M) 2021-2022 Sara Sealey

SSHRC, NSERC, and CIHR Canada Graduate Scholarships Masters (CGS-M) 2021-2022 Sara Sealey

SSHRC, NSERC, and CIHR Canada Graduate Scholarships Masters (CGS-M) 2021-2022 Sara Sealey Awards Officer Faculty of Graduate Studies Canada Graduate Scholarships Masters CGS-M - Value and Duration: $17,500.00 for 12

194 views • 15 slides
Schedule Date Day Class Title Chapters HW Lab Exam No. Due date Due date 1 Sept Mon

Schedule Date Day Class Title Chapters HW Lab Exam No. Due date Due date 1 Sept Mon

Schedule Date Day Class Title Chapters HW Lab Exam No. Due date Due date 1 Sept Mon Labor Day NO LAB 2 Sept Tue NO LAB 3 Sept Wed 1 Fundamentals 2.1 4 Sept Thu 5 Sept Fri NO Recitation 6 Sept Sat 7 Sept Sun

360 views • 20 slides
Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The

Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The

Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The Registered and Licensed Clubs Award 2010; 2. FWC and dismissals; 3. FWO activity? a) Sub-contractors and contractors b) Underpayments and non-compliance

781 views • 12 slides
draft-villamizar-mpls-tp-multipath-00 Curtis Villamizar (Infinera) Briefly this internet-draft:

draft-villamizar-mpls-tp-multipath-00 Curtis Villamizar (Infinera) Briefly this internet-draft:

draft-villamizar-mpls-tp-multipath-00 Curtis Villamizar (Infinera) Briefly this internet-draft: 1. Better document common multipath practices. 2. Provides scaling and capacity efficiency motivations 3. Proposes to better accommodate MPLS-TP

258 views • 15 slides
Forests NSW Forests NSW Spotted Gum ( Corymbia spp.) Tree improvement and deployment strategy

Forests NSW Forests NSW Spotted Gum ( Corymbia spp.) Tree improvement and deployment strategy

Forests NSW Forests NSW Spotted Gum ( Corymbia spp.) Tree improvement and deployment strategy Michael Henson, Helen Smith, and Steve Boyton www.dpi.nsw.gov.au Corymbia Tree Improvement Forests NSW Corymbia Plantations Breeding

569 views • 21 slides
600.406 Finite-State Methods in NLP, Part II Assignment 4: Building Finite-State Operators

600.406 Finite-State Methods in NLP, Part II Assignment 4: Building Finite-State Operators

600.406 Finite-State Methods in NLP, Part II Assignment 4: Building Finite-State Operators Prof. J. Eisner Spring 2001 As discussed in class, this weeks exercises involve constructing new finite-state op- erators from old ones. You

296 views • 10 slides
Once you define the formula Can change the values as often as you like Automatically

Once you define the formula Can change the values as often as you like Automatically

Once you define the formula Can change the values as often as you like Automatically re-computes Treats cells as variables Defined by location, not value Each cell constant or another formula Example Pay = hourly rate

270 views • 5 slides
Coresets for k-Means and k-Median Clustering and their Applications Sariel Har-Peled and Soham

Coresets for k-Means and k-Median Clustering and their Applications Sariel Har-Peled and Soham

Coresets for k-Means and k-Median Clustering and their Applications Sariel Har-Peled and Soham Mazumdar March 8, 2006 Problem Introduction We are given a point set P in R d of size n Find a set of k points C such that the cost function

951 views • 26 slides

More recommend