Ada Bug Finder - PowerPoint PPT Presentation

About This Presentation
Title:

Ada Bug Finder

Description:

The Ada Bug Finder is a Windows application that ... Some compilers (Gnat) detect this. 14-Jun-05. White Elephant GmbH. 17. CNR - Example ... Gnat Extensions ... – PowerPoint PPT presentation

Slides: 49
Provided by: whiteel

Transcript and Presenter's Notes

Title: Ada Bug Finder


1
Ada Bug Finder
2
Ada Bug Finder
  • The Ada Bug Finder is a Windows application that
    searches Ada code for recognisable bug patterns

3
Presentation
  • Bug Finders
  • Ada Bug Finder v1.4
  • Ada Bug Patterns
  • Results
  • Free software for you to try out!

4
Inspiration
  • Finding Bugs is Easy
  • By David Hovemeyer and William Pugh
  • Presented October 2004 at OOPSLA
  • Specific to Java Bug Patterns

5
Bug Pattern - Definition
  • A bug pattern is a code idiom
  • that is likely to be an error.

  • David Hovemeyer and William
    Pugh
  • Syntactically correct but probably not what the
    author intended.

6
Concept
  • Premise: Bugs exist in production code
  • Search existing Ada code base for bug patterns.

7
Bugs in Production Code
  • Why?
  • In code that is rarely executed
  • Symptoms hard to reproduce
  • No access to development staff

8
A Find Bugs Utility
  • Should use simple patterns
  • Need not be 100% correct
  • False positives are to be expected
  • No guarantee that every situation is covered
  • Overnight background job: speed is not an issue

9
Trade-offs
  • Compilers could do more
  • Increased compilation time
  • Bug finder utility could do more or raise fewer
    false positives
  • Increased development costs

10
Ada Bug Finder v1.4
  • Result of a small 140 hour project
  • As yet only detects 8 bug patterns
  • Optionally checks 7 style rules

11
False Positives
  • ABF doesn't always get it right!
  • Implementation trade-off
  • Bad or over-complex style
  • Exercise care when modifying code!
  • Mark code with special comment to prevent ABF
    reporting

12
Code Marking - Example
13
Recognised Ada Bug Patterns
  1. Illogical Operator Rename
  2. Code Not Reachable
  3. Exception Not Raised
  4. Unused Unit
  5. Unused Declaration
  6. Null Pointer
  7. Non Short Circuit
  8. Wrong Granularity

14
1. Illogical Operator Rename
  • In Ada83, where there is no use type clause,
    operators are often renamed to avoid the use of
    prefixed notation
  • Clumsy cut & paste editing might result in
    renaming an operator to be something totally
    different. The compiler allows this although it
    is highly unlikely to be what the author intended

15
IOR - Example
16
2. Code Not Reachable
  • Code placed after an unconditional raise, return or exit
  • Some compilers (Gnat) detect this.

17
CNR - Example
18
3. Exception Not Raised
  • An exception is declared but never raised
  • Exception handled but never raised

19
ENR - Example of False Positive
20
4. Unused Unit
  • Package imported but never used
  • Procedure, function or package defined but
    neither exported nor used locally
  • False positives
  • Undetected default generic subprogram parameter
  • Conditional compilation selected code destined
    for a different target

21
UU - Example of False Positive
22
5. Unused Declaration
  • Type, Constant or Variable declared but never
    used
  • Why?
  • History
  • Confusion: similar names
  • Overloading
  • False positive
  • Required because controlled type or default
    initialisation has an effect

23
UD - Example of False Positive
24
6. Null Pointer
  • Code explicitly checks for null then dereferences
    the pointer
  • Unbelievable?
  • Not a compiler requirement.
  • Some make checks
  • None do the job properly!

25
NP - Example
26
7. Non Short Circuit
  • "and" used instead of "and then"
  • "or" used instead of "or else"
  • Typically
  • Test if index in range then use it
  • Test if pointer not null then dereference it
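
Patterns 6 (Null Pointer) and 7 (Non Short Circuit) side by side with the short-circuit fix. This is an added example, not code from the original slides; the type and subprogram names are hypothetical.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Null_Check_Patterns is

   --  Constructed types for illustration; not from the original slides.
   type Node is record
      Value : Integer := 0;
   end record;
   type Node_Access is access Node;

   Empty : constant Node_Access := null;

   --  Pattern 7 (Non Short Circuit): "and" evaluates both operands, so
   --  P.Value is dereferenced even when P = null and raises Constraint_Error.
   function Is_Positive_Buggy (P : Node_Access) return Boolean is
   begin
      return P /= null and P.Value > 0;
   end Is_Positive_Buggy;

   --  Corrected: "and then" skips the right operand when P = null.
   function Is_Positive (P : Node_Access) return Boolean is
   begin
      return P /= null and then P.Value > 0;
   end Is_Positive;

   --  Pattern 6 (Null Pointer): the branch that has just established
   --  P = null goes on to dereference P.
   procedure Report_Buggy (P : Node_Access) is
   begin
      if P = null then
         Put_Line ("no node, value" & Integer'Image (P.Value));
      end if;
   end Report_Buggy;

begin
   Put_Line (Boolean'Image (Is_Positive (Empty)));   --  safe on null
   begin
      Put_Line (Boolean'Image (Is_Positive_Buggy (Empty)));
   exception
      when Constraint_Error =>
         Put_Line ("Is_Positive_Buggy raised Constraint_Error");
   end;
   begin
      Report_Buggy (Empty);
   exception
      when Constraint_Error =>
         Put_Line ("Report_Buggy raised Constraint_Error");
   end;
end Null_Check_Patterns;
```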

27
NSC - Example
28
8. Wrong Granularity
  • Size attribute outside of an expression
  • Unlikely usage because hardly anything requires
    the size of an object in bits!
  • Typically
  • An imported API (e.g. Windows) requires the
    address and size of a buffer in bytes. If this
    buffer size is supplied as bits, a buffer overrun
    may occur!
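
The Wrong Granularity pattern next to two corrected calls, as an added example that is not code from the original slides. Api_Read is a hypothetical stand-in for an imported API taking a byte count; it only reports the length it was given, and the figures in the comments assume 8-bit storage elements.

```ada
with Ada.Text_IO; use Ada.Text_IO;
with System;
with System.Storage_Elements; use System.Storage_Elements;

procedure Wrong_Granularity is

   --  Constructed buffer of 64 storage elements.
   Buffer : Storage_Array (1 .. 64) := (others => 0);

   --  Hypothetical stand-in for an imported API that is given a buffer
   --  address and its length in bytes. It writes nothing; it only
   --  reports how many bytes the caller has allowed it to write.
   procedure Api_Read (Addr : System.Address; Length_In_Bytes : Natural) is
   begin
      Put_Line ("API may write up to"
                & Natural'Image (Length_In_Bytes) & " bytes");
   end Api_Read;

begin
   --  Pattern 8: 'Size is in bits, so with 8-bit storage elements the
   --  API is told 512 bytes for a 64-byte buffer.
   Api_Read (Buffer'Address, Buffer'Size);

   --  Corrected: convert bits to storage elements inside an expression.
   Api_Read (Buffer'Address, Buffer'Size / System.Storage_Unit);

   --  Corrected for an array of storage elements: use the element count.
   Api_Read (Buffer'Address, Buffer'Length);
end Wrong_Granularity;
```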

29
WG - Example
30
The Ada Bug Finder Utility
  • Written in Ada95
  • Uses Ada Parser to detect patterns
  • Reports
  • Options
  • Style

31
Screen Shot
32
ABF - Reports
  • Text
  • Comma Delimited

33
ABF - Options
  • Gnat Extensions
  • Preparation Phase (Second pass to reduce false
    positives at the expense of speed)

34
Style Rules
  • Not bugs as such but coding practices that lead
    to bugs or make bugs harder to find.
  • Character Not Portable
  • Handle Task Exceptions
  • No Declaration Overloading
  • No Goto Statements
  • No Use Clause
  • No Variables in Specification
  • Superfluous Code Mark

35
Other recognised bug patterns
  1. Division by Zero
  2. Raise after Assignment
  3. Redundant Comparison to Null
  4. Symmetrical Comparison

36
1. Division by Zero
  • Code explicitly checks for zero then uses it for
    division.

37
DBZ - Example
38
2. Raise after Assignment
  • Leaving a procedure abnormally nullifies
    assignment to in-out or out parameters
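
The Raise after Assignment pattern, as an added example that is not code from the original slides; all names are hypothetical. It uses an enumeration parameter, which Ada passes by copy, so the copy-back to the caller's variable is skipped when the procedure is left by an exception.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Raise_After_Assignment is

   --  Constructed types for illustration.
   type Status_Type is (Unknown, Ok, Failed);
   Device_Error : exception;

   --  Pattern: Status is assigned, then the procedure is left by an
   --  exception. Status is passed by copy, so the assignment is lost
   --  and the caller's variable keeps its previous value.
   procedure Read_Buggy (Value : out Integer; Status : out Status_Type) is
   begin
      Value  := 0;
      Status := Failed;
      raise Device_Error;
   end Read_Buggy;

   Value  : Integer     := -1;
   Status : Status_Type := Unknown;

begin
   begin
      Read_Buggy (Value, Status);
   exception
      when Device_Error =>
         --  A handler that relies on Status here is reading stale data.
         Put_Line ("Status seen by caller: " & Status_Type'Image (Status));
   end;
end Raise_After_Assignment;
```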

39
RAA - Example
40
3. Redundant Comparison to Null
  • Comparing a pointer to null after it has been
    dereferenced is redundant
  • Indicates confusion. Either the check is truly
    redundant or the previous dereference should have
    been first checked.

41
RCN - Example
42
4. Symmetrical Comparison
  • When both sides of a comparison are identical

43
SC - Example
44
Results
Sources Files Cnr Enr Ior Nsc Np Se Ud Uu Wg Styles
UniControl 1.3 149 15 2 36 25 1 25
ILTIS 3622.12.36 4539 25 267 2 131 11 1672 317 23 2109
Aonix 7.2.2 828 2 18 4 196 23 5 1080
Gnat GCC 3.15pGps 1.4 2976 1 55 4 1 8 255 236 3 14070
AI-302 147 1 1 1 240
45
Results
  • Bugs were found in all the code bases we
    searched.
  • Most were in code that was seldom if ever
    executed (e.g. Error handling)
  • Some were severe!
  • Reluctance to change production code that has been
    accepted and that appears to function correctly.
  • Can be used as a development tool.

46
Results (Style Violations)
Sources Total Cnp Hte Ndo Ngs Npuc Nvis Scm
UniControl 1.3 25 9 16
Iltis 3622.12.36 2109 24 22 1443 169 451
Aonix 7.2.2 1080 16 20 2 475 567
Gnat GCC 3.15pGps 1.3 14070 17 314 462 11303 1974
AI-302 240 2 3 233 2
47
Any other ideas?
  • After you find a bug ask yourself whether it
    could have been found automatically by looking
    for a Simple Pattern
  • If so then let's include it into ABF and see if
    anyone else has made the same bug!

48
Where to get it
  • Not open source but freely available for use
  • Download from www.white-elephant.ch
  • Feedback appreciated.
  • Results
  • Suggestions for new patterns
  • Excessive false positives.