[zebra 23133] bugs/inappropriate coding practice discovered by interprocedural code analysis for version 0.95a of Zebra-1

Wed May 14 13:47:29 PDT 2008

Dear Zebra developers,

I am a Ph.D student in the Software Engineering Research Group of EECS department in Case Western Reserve University, under the instruction of Prof. Andy Podgurski. In our very recent research, we applied inter-procedural code analysis and data mining technique on the version 0.95a of Zebra project, and we have found 5 potential bugs, as will be indicated in a later email named "bugs/inappropriate coding practice discovered by interprocedural code analysis for version 0.95a of Zebra-2". The reason why we did not submit these bugs to the bug tracking system is that these potential bugs have not triggered any failure, and we cannot be sure whether these potential bugs are real bugs or just bad coding practice. We hope that these potential bugs can help you recognize some real bugs or inappropriate coding practice. It would also be greately appreciated if you can reply to this email after you have gone over the bugs and tell us whether you have confirmed any of them, since these information are really valuable for us for testing our current method. 

The 5 bugs can be categorized into the following 3 groups:

Category-1: missing of a check of the return value of a function
A function may return an error code such as 0, -1 or NULL to indicate that an error occured inside of a function. We've found several potential bugs where a check of the return value is likely to be missing for certain functions.
Category-2: missing of a check of a parameter of a function 
When a parameter of a function is likely to be a NULL-pointer, we need to first check whether it is NULL or not before dereferencing it. We've found potential bugs where a check of a parameter of certain functions is likely to be missing.
Category-3: missing of a function call
This normally happens when a function call is missing in a set of function calls that always need to be invoked together, for example, malloc() and free().

The detailed information of each potential bug is as followed:
Category-1,2 or 3
File Name-the file where the bug occurs
Function Name-the function where the bug occurs
Buggy Code-exact line numbers of the buggy code
Description-description of the bug

Some of the potential bugs are inter-procedural, which cross many functions. These potential bugs are normally hard to be discovered by manual effort, and if they are real bugs, it should be valuable to developers since they are hard to be recognized. Note that for interprocedural potential bugs, there are several code segments involved. The info of some code segment is titled "Code" instead of "Buggy Code". This indicates that the code is not buggy, but is the inter-procedural environment of the real location of the bug. Some of the code segments are titled "Correct Code" to show an example of the correct coding practice. 

Our previous work with intra-procedural analysis, which is mainly implemented by Ray-yaung Chang, are published in the following two papers:

[1]  R. Chang, A. Podgurski, J. Yang,¡°Finding What¡¯s Not There: A New Approach to Revealing Neglected Conditions in Software¡±, Proceedings of the 2007 International Symposium on Software Testing and Analysis, London, UK, July 2007, pp. 163-173.(Best Paper Reward)
[2]  R. Chang, A. Podgurski, J. Yang, "Discovering Neglected Conditions in Software by Mining Dependence Graphs,", IEEE Transactions on Software Engineering, 14 Apr 2008 (preprint), IEEE Computer Society, http://doi.ieeecomputersociety.org/10.1109/TSE.2008.24.

If you have any further informations, please contact any of us:

Andy Podgurski(andy at case.edu)
Ray-yaung Chang(ray-yaung.chang at case.edu)
Boya Sun(boya.sun at case.edu)

Thanks! The next email will contain detailed information on the 5 bugs.

Boya

BOYA SUN
Computer Science Division
Electrical Engineering & Computer Science Department
513 Olin Building
Case Western Reserve University
10900 Euclid Avenue
Clevelnd, OH 44106
boya.sun at case.edu
2008-05-13
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ml.zebra.org/pipermail/zebra/attachments/20080514/e90cc6f1/attachment.html