Helping Student Programmers Identify and Fix Bugs Using Static Analysis Tools

Senger, Allyson Lauren

11 January 2022

Static analysis tools can be used to help programmers identify problems in their code. However, these tools often assume that developers have some programming background knowledge, so they can be hard to use in an educational context. We investigated the most common FindBugs errors from student code submissions and determined those errors that were related to incorrect solutions to problems and potential struggling for students. FindBugs is a static analysis tool that looks for incorrect patterns in Java bytecode analysis to identify potential coding flaws. For the common errors, we rewrote some of the original FindBugs messages to help students more easily understand the problems with their code. We found that students with at least one FindBugs warning in their final submission to an assignment had more submissions, longer work times, and lower correctness scores than students who did not have a FindBugs warning in their final submission. Adding modified FindBugs feedback to the automated grader resulted in students making fewer submissions and decreasing the length of time required to complete assignments. / Master of Science / Professional software developers use automated tools when they code to help them catch potential coding problems. These tools are difficult for novice student programmers because they do not have the same level of background as professionals. In this work, we attempted to change the feedback given by these tools so that students could understand it and use it to fix their code. We found that, across all of the undergraduate courses in this study, FindBugs warnings were associated with students having more trouble with assignments. When students could see FindBugs warnings, their time to complete assignments and the number of attempts they made both went down.

static analysis tools

FindBugs

error messages

novice programmers

feedback

Static Program Analysis

SHRESTHA, JAYESH

January 2013

No description available.

Static Program Analysis

Vulnerabilities

Juliet testcase

Findbugs

Common Weakness Enumeration (CWE)

Information Systems

A Method for Recommending Computer-Security Training for Software Developers

Nadeem, Muhammad

12 August 2016

Vulnerable code may cause security breaches in software systems resulting in financial and reputation losses for the organizations in addition to loss of their customers’ confidential data. Delivering proper software security training to software developers is key to prevent such breaches. Conventional training methods do not take the code written by the developers over time into account, which makes these training sessions less effective. We propose a method for recommending computer–security training to help identify focused and narrow areas in which developers need training. The proposed method leverages the power of static analysis techniques, by using the flagged vulnerabilities in the source code as basis, to suggest the most appropriate training topics to different software developers. Moreover, it utilizes public vulnerability repositories as its knowledgebase to suggest community accepted solutions to different security problems. Such mitigation strategies are platform independent, giving further strength to the utility of the system. This research discussed the proposed architecture of the recommender system, case studies to validate the system architecture, tailored algorithms to improve the performance of the system, and human subject evaluation conducted to determine the usefulness of the system. Our evaluation suggests that the proposed system successfully retrieves relevant training articles from the public vulnerability repository. The human subjects found these articles to be suitable for training. The human subjects also found the proposed recommender system as effective as a commercial tool.

FindBugs

Static code analysis

Jaccard index

tf–idf

training

NVD

CWE

software vulnerabilities

software security

Recommender system

Statická detekce častých chyb JBoss aplikačního serveru / Static Detection of Common Bugs in JBoss Application Server

Vyvial, Pavel

January 2010

First, a few bugs from a list of common bug were chosen and patterns describing these bugs were inferred. Then, detectors searching for such patterns were implemented as plug-ins to FindBugs static analyzer. Finally, detectors were used to detect bugs in development version of JBoss AS. Results are presented at the end of this paper.