BugPicker 1.3 - ALPHA
Overview
BugPicker is a next-generation, open-source Software Quality Assurance Tool (BSD-2 License) for general-purpose Java-based applications. BugPicker applies both well-established and recent research results from the area of static analysis to detect bugs that are not detected by other bug-finding tools. Under the hood, it employs techniques from the area of abstract interpretation to perform (more) complex data-flow analyses.
BugPicker is used to identify issues in OpenJDK 8, and here is what one of the core developers said regarding one specific issue in the code he is working on:
[...] a clear case of bad code [...] It will get fixed [...]
A core JDK developer; Oct. 2014
Distinguishing Features
Today, a large number of open-source tools for software quality assurance for Java programs already exist. These tools can roughly be grouped into two categories:
- First, tools that use relatively shallow static analysis (e.g., FindBugs, CheckStyle, PMD, JDepend) and can therefore only identify style issues or very simple bugs.
- Second, tools that aim at proving properties about the software (e.g., KeY or ESC/Java).
Though the latter tools are able to identify very complex bugs, they always require significant effort and understanding on the part of the developers who want to use them. The space between these two categories of tools is currently only (and also just partially) filled by very expensive commercial tools. This space will be filled by BugPicker; it will bring advanced software quality assurance to a wide range of projects!
Flaws Identified by BugPicker
In general, BugPicker analyzes the control and data flow of applications to identify code issues that affect the overall quality of the software. For example, BugPicker will identify code that (provably) prevents other code from ever executing or that performs useless computations. Such code is often the result of issues in the source code and has a significant impact on core properties such as correctness, comprehensibility, maintainability, evolvability and reusability. In Java source code, such flaws manifest themselves in the following ways:
- Useless tests of the length of arrays. E.g., <Array>.length < 0
- Misunderstanding of the precise semantics of certain language constructs (such as type checks, casts, binary operations, ...). E.g., null instanceof X will always fail.
- The wrong usage of the logical operators && and ||.
- Useless tests, because a corresponding test is always executed earlier (nested testing of the same condition).
- Computations that are unnecessarily performed at runtime. They could be avoided by declaring a local variable as final.
- Developers are not aware of the values of constants that are defined somewhere else, but which are relevant at a specific location.
- if conditions that will always evaluate to false, because the developers are not aware of the range of values that a local variable can take.
- if conditions that are testing for contradicting conditions.
- Multiple values have an implicit dependency that makes it useless to handle specific cases in a specific context.
- In the same method, a local variable is once accessed inside a guarded context (e.g., if(x != null)...) but is also accessed outside the context.
- An instruction/statement/expression will always throw an exception. BugPicker can in particular identify:
  - NullPointerExceptions
  - ArrayIndexOutOfBoundsExceptions
  - ArrayStoreExceptions
  - ClassNotFoundExceptions (if the name of the class given to Class.forName(...) is invalid).
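Several of the patterns from the list above, written out as a small compilable Java class. This is an added example, not code from OpenJDK, from BugPicker, or from its documentation; the class name, method names and the misspelled class name are made up for illustration.

```java
import java.util.List;
// Constructed sample for illustration; every name here is hypothetical.
public class FlawSamples {

    static boolean lengthCheck(byte[] buf) {
        return buf.length < 0;                  // array length is never negative: always false
    }

    static String nullInstanceof(Object o) {
        if (o == null && o instanceof String) { // null instanceof X is always false
            return "string";                    // never executed
        }
        return "other";
    }

    static boolean wrongOperator(String s) {
        return s == null && s.isEmpty();        // || was meant; && dereferences s exactly when it is null
    }

    static int rangeCheck(byte[] data) {
        int b = data[0] & 0xFF;                 // b is always in 0..255
        if (b < 0) {                            // always false given that range
            return -1;
        }
        return b;
    }

    static int guardedThenUnguarded(List<String> items) {
        int n = 0;
        if (items != null) {                    // guarded access
            n = items.size();
        }
        return n + items.size();                // unguarded access to the same variable
    }

    static void arrayStore() {
        Object[] objs = new String[1];
        objs[0] = Integer.valueOf(1);           // always throws ArrayStoreException
    }

    static Class<?> badClassName() throws ClassNotFoundException {
        return Class.forName("java.util.ArayList"); // misspelled name: ClassNotFoundException
    }

    public static void main(String[] args) {
        System.out.println(lengthCheck(new byte[1]) + " " + nullInstanceof(null) + " " + rangeCheck(new byte[] {-1}));
    }
}
```

Every method compiles without a javac error; the dead branches and always-throwing statements only become visible through the kind of control- and data-flow analysis the section describes.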
Next Steps
- Follow the instructions on how to download and install BugPicker.
- Follow the tutorial on how to use BugPicker.
Downloads
Current
- Snapshot (July 25th, 2016): BugPicker-1.3.0-R1.jar (Release Notes)
- Stable (May 11th, 2015): bugpicker-1.2.0.jar (Release Notes)
- Presentation of flaws found in OpenJDK 8: certified_flawed.pdf
- BugPicker's license: bsd-2-license.txt
Legacy
- The application (Jan. 12th, 2015): bugpicker-1.1.1.jar (Release Notes)
- The application: bugpicker-1.1.0.jar (Release Notes)
- The application: bugpicker-1.0.0.jar
- The source code: bugpicker-1.0.0-all-source.zip
- Introductory video: BugPicker-Overview-26.10.2014.mp4
- Using BugPicker video: BugPicker-Demo-26.10.2014.mp4
Links
- OPAL's Source Code Repository (BugPicker is found in the folder tools/bp)
- OPAL's and BugPicker's Issue Tracker
- BSD-2 Source Code License (HTML)
Created By
(Names are given in alphabetical order.)
- David Becker
  - Development of the user interface.
- Tobias Becker
  - Development of the user interface.
- Michael Eichberg
  - Development of the analysis; project coordination.
- Marco Jacobasch
  - Development of the unused methods analysis.
- Arne Lottmann
  - Build process engineering; overall quality assurance (automated tests, UI testing); development of the user interface.
- Babak Moghimi
  - Development of the user interface; tool integration.