Skip to content

Latest commit

 

History

History
121 lines (97 loc) · 3.84 KB

fault-detection.md

File metadata and controls

121 lines (97 loc) · 3.84 KB

Evaluation on the Effectiveness of Fault Detection tools with BugSwarm

In this section, we evaluate SpotBugs with BugSwarm to see its capability of capturing Null-Pointer Exception (NPE) bugs. Throughout the section, we will use tananaev-traccar-64783123 as an example of NPE bug. Also, you can easily get more NPE bugs by running the following query with BugSwarm API.

api.filter_artifacts(json.dumps({
  'status': 'active',
  'classification.exceptions': 'NullPointerException'}
))

Step 1: Run the Docker Container for the Bug Artifact

Show the details of the bug we are going to use

bugswarm show --image-tag tananaev-traccar-64783123

Run the Docker container for the artifact, you might need to type your password

bugswarm run --image-tag tananaev-traccar-64783123 --use-sandbox

Change directory to the buggy version of code, and list to see the files we have

cd ~/build/failed/tananaev/traccar/
ls -l

Step 2: Add SpotBugs in the Project

Edit pom.xml file to add SpotBugs in the project. We need to add the following plugin in the build section, so that SpotBugs can be run during the build process.

<plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <version>3.1.6</version>
    <configuration>
        <effort>Max</effort>
        <threshold>low</threshold>
    </configuration>
</plugin>

Also, we need to add the following plugin in the reporting section, so that SpotBugs can generate a report after the build process.

<reporting>
    <plugins>
        <plugin>
            <groupId>com.github.spotbugs</groupId>
            <artifactId>spotbugs-maven-plugin</artifactId>
            <version>3.1.6</version>
            <configuration>
                <effort>Max</effort>
                <threshold>low</threshold>
            </configuration>
        </plugin>
    </plugins>
</reporting>

To simplify, we can just replace the whole pom.xml file with the /bugswarm-sandbox/pom-with-spotbugs.xml file in the sandbox, in which we have already added the SpotBugs plugin.

cp /bugswarm-sandbox/pom-with-spotbugs.xml pom.xml

Step 3: Run Fault Detection with SpotBugs

Run the following command to run SpotBugs over the project

JAVA_HOME="/usr/lib/jvm/java-8-oracle/" && /usr/local/maven-3.2.5/bin/mvn compile com.github.spotbugs:spotbugs-maven-plugin:3.1.6:spotbugs -Dhttps.protocols=TLSv1.2

Tip

If you encounter SSL errors when Maven is trying to download dependencies, you can follow these steps to fix the issue:

sudo sed -i 's|http://us.archive.ubuntu.com/ubuntu/|http://old-releases.ubuntu.com/ubuntu/|g' /etc/apt/sources.list
sudo sed -i 's|http://security.ubuntu.com/ubuntu/|http://old-releases.ubuntu.com/ubuntu/|g' /etc/apt/sources.list

sudo apt-get update -y
sudo apt-get install -y ca-certificates
sudo update-ca-certificates

if [ ! -f /etc/ssl/certs/java/cacerts ]; then
  sudo /var/lib/dpkg/info/ca-certificates-java.postinst configure
fi

sudo rm -f /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts
sudo /usr/lib/jvm/java-8-oracle/jre/bin/keytool \
     -importkeystore \
     -srckeystore /etc/ssl/certs/java/cacerts \
     -destkeystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts \
     -srcstorepass changeit \
     -deststorepass changeit \
     -noprompt

Then rerun the SpotBugs build:

JAVA_HOME="/usr/lib/jvm/java-8-oracle/" && /usr/local/maven-3.2.5/bin/mvn compile com.github.spotbugs:spotbugs-maven-plugin:3.1.6:spotbugs -Dhttps.protocols=TLSv1.2

After the command finishes, you can see the SpotBugs report at target/spotbugsXml.xml. Copy the bug report generated by SpotBugs to sandbox and exit docker container

cd target
cp spotbugsXml.xml /bugswarm-sandbox
exit

Then use a XML viewer to see the results.