Arana

As software is getting larger and larger, traditional bug finding methods (testing, reviewing, etc.) can not keep up. Software developers are looking for automatic bug finding tools with small amount of specification efforts. We think that most bugs occur in certain ways (patterns). So we want to use the patterns in which those bugs occur to detect bugs.

Currently, Arana traverses Java source code/Jimple CFG (control flow graph) and looks for potential problems like:

• A class inherits only one of hashCode/equals method from java.lang.Object
• An opened data connection is not closed along all paths in one method
• Calling equals method with argument of incompatible type
• Calling over writable method from constructor of a non-final class

Arana reuses the framework and a lot rules of PMD.

Work on Arana is funded in part by the NSF Award CCF-0429141 "Program Analysis Techniques to Support Dependable RTSJ Applications".