Software Testing Course — Project

Bug
Detection
in Software

A comprehensive study of identifying, classifying, and eliminating software defects — from static analysis to runtime tracing, ensuring code that is correct, reliable, and robust.

SUBJECT
Software Testing
FOCUS
Bug Detection
LEVEL
Undergraduate
bug-detector.sh
$ run_analysis --target ./src --mode deep
▶ Scanning 1,284 files...
✗ NULL_POINTER at auth.js:142
✗ MEMORY_LEAK at parser.c:89
✗ RACE_CONDITION at thread.py:56
✓ Generating bug report... Done
$
// 01 — Overview
What is
Bug Detection?

Bug detection is the systematic process of identifying defects, errors, and faults in software systems before they reach end users. It is the cornerstone of software quality assurance.

Effective bug detection combines automated tools, human review, structured testing strategies, and statistical analysis to catch defects at every stage of the software development lifecycle.

🔍 Bug Detected DETECT
📋 Bug Reported & Logged LOG
🔧 Developer Fixes Bug FIX
QA Verifies the Fix VERIFY
🚀 Bug Closed & Released CLOSE
// 02 — Classification
Types of Software Bugs

Understanding the taxonomy of bugs helps teams apply the right detection strategies for each category.

TYPE 01
💥
Logic Errors
The program runs without crashing but produces incorrect results due to flawed conditional logic or incorrect calculations.
if (age >= 18) → if (age <= 18)
TYPE 02
🧠
Memory Leaks
Memory is allocated but never freed, causing the program to consume increasing memory over time until failure.
malloc() without free()
TYPE 03
🔌
Null Pointer
Attempting to dereference or use a null/undefined reference, causing crashes or undefined behavior at runtime.
obj.method() → obj is null
TYPE 04
🔀
Race Conditions
In multi-threaded systems, two threads access shared data simultaneously without proper synchronization.
Thread A & B → shared.count++
TYPE 05
📦
Buffer Overflow
Writing data beyond the allocated buffer boundary, corrupting adjacent memory — often a security vulnerability.
char buf[10]; strcpy(buf, 30chars)
TYPE 06
🔗
Integration Bugs
Defects that emerge when independent modules or services are combined, often due to mismatched APIs or assumptions.
API expects JSON, receives XML
// 03 — Methodology
Detection Techniques

Modern bug detection leverages a multi-layered strategy — from reading code to running programs under stress.

Static Analysis
No execution needed
Dynamic Testing
Runtime detection
Code Review
Human inspection
Fuzzing
Random input attack
Unit Testing
Isolated verification
Static Analysis
Analyzing source code without running it. Tools scan for syntactic patterns, data flow issues, and known anti-patterns to catch bugs early in development.
1Parse source code into an Abstract Syntax Tree (AST)
2Analyze data flow to detect uninitialized variables and null dereferences
3Apply rule-based checks for security vulnerabilities (XSS, SQLi)
4Generate a report of flagged issues with severity ratings
Dynamic Testing
Executing the program with test inputs and observing behavior in real time. Catches bugs that only appear at runtime, such as memory corruption and race conditions.
1Instrument the binary with memory/thread tracking hooks
2Execute the program with representative test cases
3Monitor heap allocations, stack usage, and thread interactions
4Report anomalies with stack traces for root cause analysis
Code Review
Structured peer inspection of source code by developers. Human reviewers catch logical flaws, design issues, and maintainability problems that automated tools often miss.
1Author opens a Pull Request with a clear description
2Reviewer reads line-by-line, checking logic and edge cases
3Comments are raised on suspicious or unclear code sections
4Author addresses feedback; reviewer approves and merges
Fuzz Testing
Automatically generating large volumes of random, malformed, or unexpected input data and feeding it to the application to trigger crashes and unexpected behavior.
1Define input format and entry points for the fuzzer
2Generate thousands of mutated inputs per second automatically
3Monitor for crashes, hangs, and assertion failures
4Minimize crash-triggering input for reproducibility
Unit Testing
Writing isolated tests for individual functions or modules to verify they produce correct output for a range of inputs, including boundary values and edge cases.
1Identify the smallest testable units of functionality
2Write test cases covering normal, boundary, and error inputs
3Execute tests automatically on every code commit via CI/CD
4Track code coverage to identify untested paths
// 04 — Process
Bug Lifecycle

Every bug follows a defined lifecycle from the moment it is discovered to the moment it is resolved and closed.

🔍
New
Bug first found & submitted
📌
Assigned
Routed to developer
🔬
Open
Under investigation
🔧
Fixed
Code patch applied
Verified
QA confirms the fix
🚀
Closed
Released to production
// 05 — Tooling
Detection Tools

Industry-standard tools used by engineering teams to automate and scale bug detection across the entire software stack.

🔎
SonarQube
Static Analysis
🐛
Valgrind
Memory Analysis
🧪
Jest / JUnit
Unit Testing
🌀
AFL / libFuzzer
Fuzz Testing
🕵️
Selenium
UI / E2E Testing
📡
Sentry
Runtime Monitoring
ESLint / Pylint
Linting
🔁
GitHub Actions
CI/CD Integration
// 06 — Impact
Why It Matters

The economics and risk of undetected bugs in production software are staggering — early detection is exponentially cheaper.

30x
Costlier to fix a bug in production vs. development
85%
Of defects can be detected before testing via code review
$2T
Annual cost of software bugs to the global economy
70%
Of security vulnerabilities are memory-safety bugs
// 07 — Case Study
Real-World Example

A practical walkthrough of detecting and resolving a critical null pointer dereference bug.

During a code review of a user authentication service, a tester noticed that the login function did not validate whether the user object returned from the database was null before accessing its properties.

The bug was classified as CRITICAL because an attacker could trigger it by submitting a non-existent username, causing the server to crash and creating a Denial-of-Service (DoS) vulnerability.

The fix was straightforward: adding a null check before accessing the user object. The bug was verified fixed by the QA team, regression tests were added, and the fix was deployed within 4 hours of discovery.

BEFORE (Vulnerable)
return user.getToken(); // user could be null!
AFTER (Fixed)
if (!user) throw new AuthError("User not found");
return user.getToken();
BUG-2024-0471 ● CRITICAL
TITLE Null pointer dereference in login handler
MODULE auth-service / loginController.js
DETECTED BY Code Review + Static Analysis (ESLint)
STEPS 1. POST /login with non-existent email
2. DB returns null
3. Server crashes with TypeError
IMPACT Server crash, potential DoS attack vector
STATUS ✅ CLOSED — Verified Fixed
TIME TO FIX 4 hours (detected → deployed)