Graph-based classification for detecting instances of bug patterns

Hundreds of software systems handle data, monetary transactions and information every day, for every person in the world. As a result, even the smallest vulnerability may trigger a domino effect. To mitigate these consequences as much as possible, there is considerable demand for bug finder tools that help developers debug their code and improve its security and correctness. Nevertheless, none of these tools is perfect: most of them can detect only generic errors that contradict common behavior, or they rely on a list of pre-defined rules and patterns that may constitute a vulnerability. Such tools cannot easily be extended to more specific bug patterns without a tedious and complicated study of the bug itself and its causes. We propose an approach to developing a generic bug finder tool that uses machine learning to train a model able to classify code as buggy or non-buggy by looking at a dataset of buggy examples for a specific bug pattern. Our approach applies static analyses to represent source code as graphs and then uses a multilayer perceptron model to perform the classification task. We report the results of our experiments in detecting Null Pointer Exceptions in Java code. The evaluation results are promising and confirm that machine learning can help improve code security and develop better bug finder tools.