Spotbugs is a static code analysis program that inspects Java code and flags up possible sources of errors. The set of rules included cover common coding errors that are pervasive in the use of the Java language. The system has a plugin architecture that allows rules to be added and the aim of this project is to build a plugin that extends Spotbugs’ functionality to cover common coding errors related to specific libraries – either from the Java standard library or from external libraries such as the Spring Framework or commonly used Apache libraries.
Information on what kinds of problems to focus on could come from an analysis of StackOverflow or from the analysis of open source software and the commits in open repositories.
The evaluation of the system should utilize existing open source codes and data about code commits. The aim is to demonstrate that the plugin would have identified bugs that were found in the past. A secondary aim is to identify bugs in existing codebases that are not yet identified and fixed.
There is ample scope for extensions. For example, the project could be changed to conduct more than a static code analysis, including information about runtime behaviour or it could use machine learning techniques to identify bug patterns and spot bugs.
This project is suitable as a group project.
The project will deliver two outputs:
- A description of coding errors in the form of a coding error pattern that includes:
- a description of the use case where the error might occur (e.g., setting up a database connection);
- a list of classes and key methods involved;
- a list of examples where the bugs occurred;
- an analysis of cause and effect relationships (illustrated, e.g., in the form of 'neuron diagrams');
- an assessment of the extent to which static code analysis can uncover them.
- A SpotBugs plugin that implements detection of the bugs described.
Alternatively, a tool similar to SpotBugs that fulfills a similar purpose, e.g., where dynamic analysis is required. This could involve augmenting code using aspect-oriented programming and running system-level or unit-level tests.