ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Thu 31 Oct 2024 13:45 - 14:00 at Compagno - Bug detection and prediction Chair(s): Tim Menzies

Sequence Containers (SC) in the C++ Standard Template Library (STL), such as the \texttt{vector}, are widely used in large-scale projects for their maintainability and flexibility. However, accessing the elements in an SC is bug-prone, as such operations will not check their boundaries during compilation or execution, which can lead to memory errors, such as buffer overflow problems. And these bugs are difficult to detect with available static analyzers, since the size of SCs and the target of iterators cannot be precisely tracked without a cooperative model for them.

To address this problem, we propose a combined model of SC sizes and iterator targets by tracking them simultaneously through a set of meta-operations extracted from corresponding method calls, and report improper operations according to three bug patterns. We implement the approach as a static analyzer, \textit{Scasa}, on the top of the Clang Static Analyzer (CSA) framework, and evaluate its effectiveness and efficiency against CSA and other state-of-the-art static analyzers on a benchmark composed of 2230 manually created code snippets and eight popular open-source C++ projects with a lot of SC usage. The experimental results reveal that \textit{Scasa} effectively identifies nearly all inherent bugs within the manual code snippets and generates 125 reports for these projects (with a time loss of 5–85%) where 72 reports are marked as correct with a manual revision. And to further confirm these correct reports, we also select some important ones for developers. These results show that accessing elements of SCs is bug-prone, and cooperatively tracking SC sizes and iterator targets can accurately detect these bugs with acceptable overhead.

Thu 31 Oct

Displayed time zone: Pacific Time (US & Canada) change

13:30 - 15:00
Bug detection and predictionResearch Papers / Journal-first Papers at Compagno
Chair(s): Tim Menzies North Carolina State University
13:30
15m
Talk
Towards Effective Static Type-Error Detection for Python
Research Papers
Wonseok Oh Korea University, Hakjoo Oh Korea University
13:45
15m
Talk
Detecting Element Accessing Bugs in C++ Sequence Containers
Research Papers
zhilin li , Xutong Ma Institute of Software, Chinese Academy of Sciences, Beijing, China, Mengze Hu Institute of Software, Chinese Academy of Sciences, Jun Yan Institute of Software, Chinese Academy of Sciences
14:00
15m
Talk
Concretely Mapped Symbolic Memory Locations for Memory Error Detection
Journal-first Papers
Haoxin Tu Singapore Management University, Singapore, Lingxiao Jiang Singapore Management University, Jiaqi Hong Independent Researcher, Xuhua Ding Singapore Management University, He Jiang Dalian University of Technology
14:15
15m
Talk
NeuroJIT: Improving Just-In-Time Defect Prediction Using Neurophysiological and Empirical Perceptions of Modern Developers
Research Papers
Gichan Lee Hanyang University, Hansae Ju Hanyang University, Scott Uk-Jin Lee Hanyang University