Bug detection in Java code: An extensive evaluation of static analysis tools using Juliet Test Suites. (29th December 2022)
- Record Type:
- Journal Article
- Title:
- Bug detection in Java code: An extensive evaluation of static analysis tools using Juliet Test Suites. (29th December 2022)
- Main Title:
- Bug detection in Java code: An extensive evaluation of static analysis tools using Juliet Test Suites
- Authors:
- Amankwah, Richard
Chen, Jinfu
Song, Heping
Kudjo, Patrick Kwaku
- Abstract:
- Abstract: Previous studies have demonstrated the usefulness of employing automated static analysis tools (ASAT) and techniques to detect security bugs in software systems. However, these studies are usually focused on analyzing the effectiveness of the tools using open-source tools based on C/C++ source code. The choice for making an appropriate decision on the most suitable tool for bug detection in Java code software remains a relatively unexplored domain. To address this deficiency, this study empirically evaluates eight widely used ASATs, namely, Findbug, PMD, YASCA, LAPSE+, JLint, Bandera, ESC/Java, and Java Pathfinder using the Juliet Test Suite (Test Suite v1.2). Additionally, we assessed the performance of the detection capabilities for the aforementioned bug detection tools using robust performance measures such as precision, recall, Youden index, and the OWASP web benchmark evaluation (WBE). The experimental results show that the tools obtain precision values ranging from 83% to 90.7% based on the studied datasets. Specifically, the Java Pathfinder achieves the best precision score of 90.7%, followed by YASCA and Bandera with a precision score of 88.7% and 83%, respectively. Similarly, Bandera, ESC/Java, and Java Pathfinder obtain a Youden index of 0.8, which indicates the effectiveness of the tools in detecting security bugs in Java source code.
Abstract: Bug detection is a fundamental activity to software quality maintenance and has been shown to improve software reliability. This paper (Amankwah et al.) empirically evaluated the detection capabilities for eight widely used automated static analysis tools based on the OWASP Top Ten security vulnerabilities in Juliet test suite (Test Suite v1.2). …
- Is Part Of:
- Software, practice & experience. Volume 53:Number 5(2023)
- Journal:
- Software, practice & experience
- Issue:
- Volume 53:Number 5(2023)
- Issue Display:
- Volume 53, Issue 5 (2023)
- Year:
- 2023
- Volume:
- 53
- Issue:
- 5
- Issue Sort Value:
- 2023-0053-0005-0000
- Page Start:
- 1125
- Page End:
- 1143
- Publication Date:
- 2022-12-29
- Subjects:
- bug detection -- common weakness enumeration -- SAMATE -- static analysis tools
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/spe.3181
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 26921.xml