SDA SE Wiki

Software Engineering for Smart Data Analytics & Smart Data Analytics for Software Engineering


Bug core 87

Inspired by

Original Description

There is a branch or statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.

– 2013-11-18

Detailed Description

As its name shows, a “possible” null pointer dereference is detected. In the sample code, when Obj is null but elt is not null, a null value is dereferenced by the second operand of the “OR” operation. A null pointer is a very common type of error in Java programs and might require sophisticated analysis techniques to find. However, studies of real Java applications and libraries have shown that many null pointer bugs are the result of simple mistakes, such as using the wrong Boolean operator.

if (c == null && c.isDisposed()) return;

Because null pointer analysis is meant to find bugs, it is important to have high confidence that a value really can be null at runtime before issuing a warning about a possible null pointer dereference. If too many false warnings are produced, the tool will not be worth the developer’s time to use. Infeasible control paths are a common source of inaccuracy in dataflow analysis, and avoiding them is an important challenge in the design of an analysis to find null pointer bugs. In some cases, the condition checked may originate from outside the scope of the current analysis, such as a parameter passed into the method. On method entry, parameter values are assumed to be NCP, Null on a Complex Path.
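The following added example (not code from FindBugs, JTransformer or this wiki) is a small Python model of that reasoning: it pushes every null/non-null combination of the parameters through the short-circuit operators and reports a dereference only on paths that can actually reach it. The tuple encoding of the conditions, the names `null_derefs` and `split`, and the assumption that each parameter may be null or non-null on entry are choices made for this illustration.

```python
from itertools import product

# Constructed encodings of the Java conditions shown on this page.
# ("deref", v) stands for a call on v, such as v.equals(...), with unknown result.
PROBLEM = ("or", ("and", ("isnull", "Obj"), ("isnull", "elt")), ("deref", "Obj"))
COUNTER = ("or", ("isnull", "Obj"), ("deref", "Obj"))
FIX = ("or", ("and", ("isnull", "Obj"), ("isnull", "elt")),
       ("and", ("notnull", "Obj"), ("deref", "Obj")))
WRONG_OP = ("and", ("isnull", "c"), ("deref", "c"))  # if (c == null && c.isDisposed())


def null_derefs(cond, params=("Obj", "elt")):
    """Return sorted (dereferenced param, params null on entry) findings.

    Assumption of this example: each parameter may be null or non-null on
    entry. States flow through && and || as Java's short-circuit rules
    dictate, so a deref is only checked on paths that can reach it.
    """
    entry = [dict(zip(params, combo))  # True means "this parameter is null"
             for combo in product((True, False), repeat=len(params))]
    findings = set()

    def split(expr, states):
        """Return (states where expr is true, states where expr is false)."""
        op = expr[0]
        if op == "isnull":
            return ([s for s in states if s[expr[1]]],
                    [s for s in states if not s[expr[1]]])
        if op == "notnull":
            true, false = split(("isnull", expr[1]), states)
            return false, true
        if op == "deref":  # null receiver: NullPointerException on this path
            findings.update((expr[1], tuple(sorted(k for k in s if s[k])))
                            for s in states if s[expr[1]])
            alive = [s for s in states if not s[expr[1]]]
            return alive, alive  # call result unknown: may be true or false
        if op not in ("and", "or"):
            raise ValueError(f"unknown operator {op!r}")
        left_true, left_false = split(expr[1], states)
        if op == "and":  # right operand only runs when the left one is true
            right_true, right_false = split(expr[2], left_true)
            return right_true, left_false + right_false
        # "or": right operand only runs when the left one is false
        right_true, right_false = split(expr[2], left_false)
        return left_true + right_true, right_false

    split(cond, entry)
    return sorted(findings)
```

Only `PROBLEM` and `WRONG_OP` produce a finding; `COUNTER` and `FIX` produce none because the null state of the receiver never reaches the dereference.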

Sample Problem Scenario

<code Java>
static void find3(Object Obj, Object elt) {
    // Obj can be null while elt is not null. The first operand is then false,
    // so Obj.equals(elt) is evaluated on a null Obj and throws a NullPointerException.
    if ((Obj == null && elt == null) || Obj.equals(elt)) {
        // do something
    }
}
</code>

Sample Counter Scenario

<code Java>
public static void possibleNullPointer(Object elt, Object Obj) {
    if (Obj == null || Obj.equals(elt)) {
        // do something
    }
}
</code>

Sample Fix

<code Java>
public static void possibleNullPointer(Object elt, Object Obj) {
    // Obj.equals(elt) is only evaluated when Obj is known to be non-null
    if ((Obj == null && elt == null) || (Obj != null && Obj.equals(elt))) {
        // do something
    }
}
</code>

Evaluation Results

^ Benchmark project ^ Precision FB ^ Precision JT ^ Precision Delta ^ Recall FB ^ Recall JT ^ Recall Delta ^
| Project … | …% | …% | …% | …% | …% | …% |
| Project … | …% | …% | …% | …% | …% | …% |

FB = FindBugs, JT = JTransformer, Delta = JTransformer - FindBugs

teaching/labs/mdse/2013/bug_descriptions/jt-bug-cor87.txt · Last modified: 2018/05/09 01:59 (external edit)
