Out of Sight, Out of Place: Detecting and Assessing Swapped Arguments

TL;DR

SwapD is a static analysis tool that leverages natural language information in code to detect and warn about mistakenly-swapped arguments, improving bug detection in large C and C++ codebases.

Contribution

This work introduces SwapD, a novel static analysis checker that combines multiple strategies to effectively identify swapped arguments using natural language cues.

Findings

Detected 154 real-world swapped argument errors in large codebases

Demonstrated effectiveness of natural language cues in static analysis

Validated approach on 417 million lines of code

Abstract

Programmers often add meaningful information about program semantics when naming program entities such as variables, functions, and macros. However, static analysis tools typically discount this information when they look for bugs in a program. In this work, we describe the design and implementation of a static analysis checker called SwapD, which uses the natural language information in programs to warn about mistakenly-swapped arguments at call sites. SwapD combines two independent detection strategies to improve the effectiveness of the overall checker. We present the results of a comprehensive evaluation of SwapD over a large corpus of C and C++ programs totaling 417 million lines of code. In this evaluation, SwapD found 154 manually-vetted real-world cases of mistakenly-swapped arguments, suggesting that such errors, while not pervasive in released code, are a real problem and a worthwhile target for static analysis.