findbugs - Improving Software Quality with Static Analysis...

2007 JavaOne SM Conference | Session TS-2007

Slide 1: Improving Software Quality with Static Analysis
William Pugh, Professor, University of Maryland, http://www.cs.umd.edu/~pugh
Slide 2: You Will Believe...
- Static analysis tools can find real bugs and real issues in your code.
- You can and should effectively incorporate static analysis into your software development process.
Slide 3: Agenda
- Introduction
- Correctness issues
- Bad practice
- Security defects
- Demos (FindBugs, Fortify SCA)
- Integrating static analysis
- Wrap up
Slide 5: Agenda (same list as slide 3)
Slide 6: Static Analysis
- Analyzes your program without executing it
- Doesn’t depend on having good test cases, or even any test cases
- Generally doesn’t know what your software is supposed to do
- Looks for violations of reasonable programming practice:
  - Shouldn’t throw NPE
  - Shouldn’t allow SQL injection
- Not a replacement for testing:
  - Very good at finding problems on untested paths
  - But many defects can’t be found with static analysis
Slide 7: Common Wisdom about Bugs and Static Analysis
- Programmers are smart
- Smart people don’t make dumb mistakes
- We have good techniques (e.g., unit testing, pair programming, code inspections) for finding bugs early
- So, bugs remaining in production code must be subtle, and finding them must require sophisticated static analysis techniques
- "I tried lint and it sucked: lots of warnings, few real issues"
Slide 8: Can You Find The Bug?

    if (listeners == null)
        listeners.remove(listener);

JDK 1.6.0, b105, sun.awt.x11.XMSelection, lines 243-244
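As an added illustration (not from the slides and not FindBugs' own detector), here is a toy source-level checker in Python for exactly the bug shape on this slide: a variable dereferenced on the very branch where it was just compared equal to null. The Java sample it scans is constructed; FindBugs works on bytecode with real dataflow analysis, so this only conveys the intuition.

```python
import re
from typing import List, Tuple

# `if (name == null)` followed by whatever remains on the line.
NULL_CHECK = re.compile(r"\bif\s*\(\s*(\w+)\s*==\s*null\s*\)\s*(.*)$")


def _dereferences(stmt: str, name: str) -> bool:
    """True if the statement calls a method on, reads a field of, or
    indexes `name` (the operations that throw NPE on a null reference)."""
    code = stmt.split("//", 1)[0]  # ignore trailing line comments
    return re.search(rf"\b{re.escape(name)}\s*(\.\s*\w+|\[)", code) is not None


def find_null_derefs(java_source: str) -> List[Tuple[int, str]]:
    """Return (line_number, variable) for every statement guarded by
    `if (variable == null)` that immediately dereferences that variable."""
    lines = java_source.splitlines()
    findings: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        m = NULL_CHECK.search(line)
        if not m:
            continue
        name, stmt, j = m.group(1), m.group(2).strip(), i
        # The guarded statement may sit on the next line, or after a '{'.
        while stmt in ("", "{") and j + 1 < len(lines):
            j += 1
            stmt = lines[j].strip()
        if _dereferences(stmt, name):
            findings.append((j + 1, name))  # 1-based line number
    return findings


# Constructed sample: the first `if` mirrors the JDK bug from the slide.
SAMPLE = """\
class Example {
    void remove(Object listener) {
        if (listeners == null)
            listeners.remove(listener);            // guaranteed NPE
        if (cache == null) cache.clear();          // same bug, one line
        if (other != null) other.remove(listener); // correct guard
        if (lazy == null) { lazy = new ArrayList(); } // assignment, fine
        if (done == null) return;                  // early exit, fine
    }
}
"""

if __name__ == "__main__":
    for lineno, var in find_null_derefs(SAMPLE):
        print(f"line {lineno}: '{var}' dereferenced where it is known to be null")
```

The checker flags only the two genuine NPE sites and stays quiet on the correct `!= null` guard, the assignment and the early return, which is the precision a useful detector needs to avoid the "lots of warnings, few real issues" problem the next slide describes.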
Slide 9: Why Do Bugs Occur?
- Nobody is perfect
- Common types of errors:
  - Misunderstood language features or API methods
  - Typos (using the wrong boolean operator, forgetting parentheses or brackets, etc.)
  - Misunderstood class or method invariants
- Everyone makes syntax errors, but the compiler catches them
- What about bugs one step removed from a syntax error?
Slide 10: Who Uses Static Analysis?
- Lots and lots of projects and companies
- Among many others, Glassfish and Google use FindBugs
- Many companies are weird about letting you say they use your open source tool
- Lots of open source tools: PMD, CheckStyle, etc.
- IDEs include some: Eclipse, IntelliJ, NetBeans
This note was uploaded on 11/06/2011 for the course CSE 308, taught by Professor Kelly, R., during the Fall '08 term at SUNY Stony Brook. The preview covers pages 1-10 of a 59-page deck.