October 29, 2019
By Noah Pflueger-Peters
Assistant Professor Cindy Rubio-González is a recipient of this year’s Facebook Testing and Verification Award. Her proposal, “Null Pointer Dereferences in the Wild” looks to test state-of-the-art automated bug finding tools on real software to evaluate their effectiveness, and to develop new algorithms for bug finding.
Rubio’s proposal was one of ten chosen out of over 100 applications. She will receive the award and give a talk at a workshop for Testing and Verification Award winners on November 19 in London.
The proposal is made possible by Rubio’s work on the BugSwarm dataset, a large-scale dataset of real software bugs from many open-source projects. The idea is to evaluate state-of-the-art static bug finders on large and complex code bases to determine their effectiveness at finding “bugs in the wild”.
In this proposal, Rubio will focus on null pointer dereference bugs. These bugs occur when a program tries to access data through an invalid memory address. Null pointer dereferences are one of the most serious and pervasive bugs, causing programs to crash, so there is a great interest in tools that automatically identify these bugs.
“In this proposal, we will evaluate the effectiveness of state-of-the-art static bug finders at detecting null pointer dereferences in Java programs. This will be done using hundreds of real-world null pointer dereferences found in the BugSwarm dataset.”, Rubio said.
“Null pointer dereferences affect software from all application domains, and despite many efforts, there are still many limitations on the effectiveness of finding them in real code,” she said. “Does a tool find the bug? If not, is it because of a shortcoming of the technique, or a bug in the tool itself? How many other bug warnings are produced by the tool? Are these real bugs or false alarms?”
The team then plans to use this knowledge to help improve existing tools, and to develop novel algorithms for identifying these kinds of bugs.
Rubio is particularly excited by this project because Facebook provides a unique opportunity to apply program analysis tools at large scale.
“These tools improve the reliability and usability of products in industry,” she said. “It’s a great opportunity to connect with the industry and make real-world impact.”
The award continues the CS department’s tradition of success with Facebook awards. Her colleague, assistant professor Aditya Thakur, won the same award in 2018, and she and Thakur jointly received the Probability and Programming Research award this spring.