14-jun-05white elephant gmbh1 ada bug finder. 14-jun-05white elephant gmbh2 ada bug finder the ada...

14-Jun-05 White Elephant GmbH 1

Ada Bug Ada Bug FinderFinder


Ada Bug FinderAda Bug Finder

The Ada Bug Finder is a Windows application that searches Ada code for recognisable bug patterns


PresentationPresentation

Bug Finders Ada Bug Finder v1.4 Ada Bug Patterns Results Free software for you to try out!


InspirationInspiration

“Finding Bugs is Easy”

By David Hovemeyer and William Pugh

Presented October 2004 at OOPSLASpecific to Java Bug Patterns


Bug Pattern - Bug Pattern - DefinitionDefinition

A bug pattern is a code idiomthat is likely to be an error. David Hovemeyer and William Pugh

Syntactically correct but probably not what the author intended.


Concept Concept

Premise: Bugs exist in production code

Search existing Ada code base for bug patterns.


Bugs in Production Bugs in Production CCodeode

Why?In code that is rarely executedSymptoms hard to reproduceNo access to development staff


A “A “FindFind bugsbugs”” Utility Utility

Should use simple patternsNeed not be 100% correctFalse Positives are to be expectedNo guarantee that every situation

coveredOvernight background job – Speed

not an issue


Trade-offsTrade-offs

Compilers could do more– Increased compilation time

Bug finder utility could do more or raise fewer false positives– Increased development costs


Ada Bug Finder v1.4Ada Bug Finder v1.4

Result of a small 140 hour projectAs yet only detects 8 bug patternsOptionally checks 7 style rules


False PositivesFalse Positives

ABF doesn’t always get it right!– Implementation trade-off– Bad or over-complex style

Exercise care when modifying code!Mark code with special comment to

prevent ABF reporting


Code MarkingCode Marking - Example - Example


Recognised Ada Bug PatternsRecognised Ada Bug Patterns

1. Illogical Operator Rename

2. Code Not Reachable

3. Exception Not Raised

4. Unused Unit

5. Unused Declaration

6. Null Pointer

7. Non Short Circuit

8. Wrong Granularity


1. Illogical Operator Rename1. Illogical Operator Rename

In Ada83, where there is no use type clause, operators are often renamed to avoid the use of prefixed notation

Clumsy cut & paste editing might result in renaming an operator to be something totally different. The compiler allows this although it is highly unlikely to be what the author intended


IOR - ExampleIOR - Example


2. Code Not Reachable2. Code Not Reachable

Code placed after an unconditionalRaiseReturnExit

Some compilers (Gnat) detect this.


CNR - ExampleCNR - Example


3. Exception Not Raised3. Exception Not Raised

An exception is declared but never raised

Exception handled but never raised


ENR – ExampleENR – Example of False Positive of False Positive


4. Unused Unit4. Unused Unit

Package imported but never used Procedure, function or package defined

but neither exported nor used locally

False positives: Undetected default generic subprogram

parameter Conditional compilation selected code

destined for a different target


UU – ExampleUU – Example of False Positive of False Positive


5. Unused Declaration5. Unused Declaration

Type, Constant or Variable declared but never used

Why? History Confusion – Similar names OverloadingFalse positive: Required because controlled type or

default initialisation has an effect


UD – ExampleUD – Example of False Positive of False Positive


6. Null Pointer6. Null Pointer

Code explicitly checks for null then dereferences the pointer

Unbelievable?Not a compiler requirement.

Some make checks

None do the job properly!


NP - ExampleNP - Example


7. Non Short Circuit7. Non Short Circuit

and used instead of and thenor used instead of or else

TypicallyTest if index in range then use itTest if pointer not null then

dereference it


NSC - ExampleNSC - Example


8. Wrong Granularity8. Wrong Granularity

Size attribute outside of an expression Unlikely usage because hardly anything

requires the size of an object in bits!

Typically An imported API (e.g. Windows) requires

the address and size of a buffer in bytes. If this buffer size is supplied as bits, a buffer overrun may occur!


WGWG - Example - Example


The Ada Bug FinderThe Ada Bug Finder Utility Utility

Written in Ada95Uses Ada Parser to detect patternsReportsOptionsStyle


Screen ShotScreen Shot


ABFABF - Reports - Reports

TextComma Delimited


ABFABF - Options - Options

Gnat ExtensionsPreparation Phase (Second pass to

reduce false positives at the expense of speed)


Style RulesStyle Rules

Not bugs as such but coding practices that lead to bugs or make bugs harder to find.

1. Character Not Portable2. Handle Task Exceptions3. No Declaration Overloading4. No Goto Statements5. No Use Clause6. No Variables in Specification7. Superfluous Code Mark


Other Other recognisedrecognised bug patterns bug patterns

1. Division by Zero

2. Raise after Assignment

3. Redundant Comparison to Null

4. Symmetrical Comparison


1. Division by Zero1. Division by Zero

Code explicitly checks for zero then uses it for division.


DBZDBZ - Example - Example


2.Raise after assignment2.Raise after assignment

Leaving a procedure abnormally nullifies assignment to in-out or out parameters


RAARAA - Example - Example


3. Redundant Comparison to null3. Redundant Comparison to null

Comparing a pointer to null after it has been dereferenced is redundant

Indicates confusion. Either the check is truly redundant or the previous dereference should have been first checked.


RCNRCN - Example - Example


4. Symmetrical Comparison4. Symmetrical Comparison

When both sides of a comparison are identical


SCSC - Example - Example


ResultsResults

Sources Files Cnr Enr Ior Nsc Np Se Ud Uu Wg Styles

UniControl 1.3 149 15 2 36 25 1 25

ILTIS 3622.12.36 4539 25 267 2 131 11 1672 317 23 2109

Aonix 7.2.2 828 2 18 4 196 23 5 1080

Gnat GCC 3.15pGps 1.4

2976 1 55 4 1 8 255 236 3 14070

AI-302 147 1 1 1 240


ResultsResults

Bugs were found in all the code bases we searched.

Most were in code that was seldom if ever executed (e.g. Error handling)

Some were severe! Reluctance to change production code

that been accepted and that appears to function correctly.

Can be used as a development tool.


Results (Style Violations)Results (Style Violations)

Sources Total Cnp Hte Ndo Ngs Npuc Nvis Scm

UniControl 1.3 25 9 16

Iltis 3622.12.36 2109 24 22 1443 169 451

Aonix 7.2.2 1080 16 20 2 475 567

Gnat GCC 3.15pGps 1.3

14070 17 314 462 11303 1974

AI-302 240 2 3 233 2


Any other ideas?Any other ideas?

After you find a bug ask yourself whether it could have been found automatically by looking for a “Simple Pattern”

If so then let’s include it into ABF and see if anyone else has made the same bug!


Where to get itWhere to get it

Not open source but freely available for use

Download fromwww.white-elephant.ch

Feedback appreciated.– Results– Suggestions for new patterns– Excessive false positives.

14-jun-05white elephant gmbh1 ada bug finder. 14-jun-05white elephant gmbh2 ada bug finder the ada...

Documents

white elephant gmbh8

white elephant gmbh14

white elephant gmbh16

white elephant gmbh18

white elephant gmbh20

white elephant gmbh7

issue slide

recognisable bug patterns