Author :
Rutar, Nick ; Almazan, Christian B. ; Foster, Jeffrey S.
Author_Institution :
Maryland Univ., College Park, MD, USA
Abstract :
Bugs in software are costly and difficult to find and fix. In recent years, many tools and techniques have been developed for automatically finding bugs by analyzing source code or intermediate code statically (at compile time). Different tools and techniques have different tradeoffs, but the practical impact of these tradeoffs is not well understood. In this paper, we apply five bug finding tools, specifically Bandera, ESC/Java 2, FindBugs, JLint, and PMD, to a variety of Java programs. By using a variety of tools, we are able to cross-check their bug reports and warnings. Our experimental results show that none of the tools strictly subsumes another, and indeed the tools often find nonoverlapping bugs. We discuss the techniques each of the tools is based on, and we suggest how particular techniques affect the output of the tools. Finally, we propose a meta-tool that combines the output of the tools together, looking for particular lines of code, methods, and classes that many tools warn about.
Keywords :
Java; program compilers; program debugging; software tools; Bandera; ESC; FindBug; JLint; Java; PMD; bug finding tool; source code; Computer bugs; Data analysis; Educational institutions; Java; Pattern analysis; Pattern matching; Radio access networks; Reliability engineering; Software debugging; Software reliability;
