Experiences Using Static Analysis to Find Bugs
Authors
Abstract
Static analysis examines code in the absence of input data and without running the code, and can detect potential security violations (e.g., SQL injection), runtime errors (e.g., dereferencing a null pointer) and logical inconsistencies (e.g., a conditional test that cannot possibly be true). While there is a rich body of literature on algorithms and analytical frameworks used by such tools, reports describing experiences with such tools in industry are much harder
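To make the opening definition concrete, here is a small AST-based checker that pattern-matches two of the bug classes the abstract names (a query string assembled at run time and handed to an `execute()` call, and a conjunction that can never be true) without ever executing the analysed program. It is an added illustration written for this page, not code from the paper or any tool the authors built; the rule names, the `check()` API and the sample program it scans are assumptions made here, and the sample is constructed, not taken from a real code base. Null-dereference detection is left out because it needs dataflow analysis rather than syntactic matching.

```python
"""Toy AST-based static checker, added here as an illustration (not the paper's tool).

It never executes the analysed program: it parses the source into a syntax tree
and pattern-matches two of the bug classes the abstract names.  Rule names and
the check() API are assumptions made for this example."""
import ast

_INF = float("inf")


def _nonconstant_sql(node):
    """True if `node` is a string assembled at run time (concatenation, %-format,
    str.format, f-string) rather than a literal."""
    if isinstance(node, ast.JoinedStr):                      # f"... {user} ..."
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True                                          # "..." + user / "..." % user
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format")                  # "...{}".format(user)


def _interval(op, c):
    """Translate `name OP c` into a numeric interval (lo, lo_incl, hi, hi_incl)."""
    table = {
        ast.Lt: (-_INF, True, c, False), ast.LtE: (-_INF, True, c, True),
        ast.Gt: (c, False, _INF, True),  ast.GtE: (c, True, _INF, True),
        ast.Eq: (c, True, c, True),
    }
    return table.get(type(op))


def _never_true(test):
    """True for `x < c1 and x > c2`-style tests whose constraints on the same plain
    variable have an empty intersection.  Only `Name OP numeric-literal` comparators
    are understood; anything else is conservatively ignored (no false alarms)."""
    if not (isinstance(test, ast.BoolOp) and isinstance(test.op, ast.And)):
        return False
    ranges = {}                                              # variable -> interval so far
    for cmp in test.values:
        if not (isinstance(cmp, ast.Compare) and len(cmp.ops) == 1
                and isinstance(cmp.left, ast.Name)
                and isinstance(cmp.comparators[0], ast.Constant)
                and isinstance(cmp.comparators[0].value, (int, float))
                and not isinstance(cmp.comparators[0].value, bool)):
            continue
        iv = _interval(cmp.ops[0], cmp.comparators[0].value)
        if iv is None:
            continue
        lo, lo_in, hi, hi_in = ranges.get(cmp.left.id, (-_INF, True, _INF, True))
        if iv[0] > lo or (iv[0] == lo and not iv[1]):        # tighten the lower bound
            lo, lo_in = iv[0], iv[1]
        if iv[2] < hi or (iv[2] == hi and not iv[3]):        # tighten the upper bound
            hi, hi_in = iv[2], iv[3]
        ranges[cmp.left.id] = (lo, lo_in, hi, hi_in)
    return any(lo > hi or (lo == hi and not (lo_in and hi_in))
               for lo, lo_in, hi, hi_in in ranges.values())


def check(source):
    """Analyse `source` without running it; return sorted (line, message) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args and _nonconstant_sql(node.args[0])):
            findings.append((node.lineno, "SQL_NONCONSTANT_STRING: query text built "
                             "from a non-constant string; pass values as parameters"))
        elif isinstance(node, (ast.If, ast.While)) and _never_true(node.test):
            findings.append((node.lineno, "CONDITION_NEVER_TRUE: branch is dead; "
                             "the conjunction contradicts itself"))
    return sorted(findings)


# Constructed sample program (it is only parsed, never run; `cur` is an assumed
# DB-API cursor).  Line 2 is injectable, line 3 is parameterised and clean,
# line 5 is a dead branch, line 7 is a satisfiable test and must not be flagged.
SAMPLE = '''\
def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    cur.execute("SELECT * FROM users WHERE name = %s", (user,))
    n = len(user)
    if n < 0 and n > 10:
        return None
    if n > 0 and n < 10:
        return n
    return None
'''

if __name__ == "__main__":
    for line, msg in check(SAMPLE):
        print(f"line {line}: {msg}")
```

The checker reports exactly two findings for the sample (line 2 and line 5). Both rules are purely syntactic, which is why the contradiction check only understands comparisons of a plain variable against a numeric literal and stays silent on anything else: a static tool that guesses produces false positives, and the cost of triaging those is one of the themes the paper's title points at.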
Similar sources
Simple and Effective Static Analysis to Find Bugs
Title of dissertation: SIMPLE AND EFFECTIVE STATIC ANALYSIS TO FIND BUGS David H. Hovemeyer, Doctor of Philosophy, 2005 Dissertation directed by: Professor William W. Pugh Department of Computer Science Much research in recent years has focused on using static analysis to find bugs in software. Many new approaches employing sophisticated program analysis techniques—inter-procedural, context-sen...
Fabian Van Den Broek
Software contains bugs and bugs cost money. A good way to find some bugs quickly is the use of static code analysis. There are no exact numbers on the use of static code analyzers in the industry, but in our experience too few software developers actually make use of them. This thesis describes a survey that was conducted to find out why only so few developers in the Java community use static co...
Finding Bugs in Source Code Using Commonly Available Development Metadata
Developers and security analysts have been using static analysis for a long time to analyze programs for defects and vulnerabilities. Generally a static analysis tool is run on the source code for a given program, flagging areas of code that need to be further inspected by a human analyst. These tools tend to work fairly well – every year they find many important bugs. These tools are more impr...
Static Bug Detection Through Analysis of Inconsistent Clones
Existing software systems contain a significant amount of duplicated code. Such redundancy can negatively impact program correctness, since inconsistent updates to duplicated code fragments are prone to introduce subtle bugs. This paper outlines our work-in-progress to statically detect inconsistencies in duplicated code fragments in order to find clone-related bugs. We illustrate the problem o...
Applying Static Analysis for Detecting Null Pointers in Java Programs
The detection of bugs in software has been a difficult and time-consuming manual task. Some bugs are hard to find as they manifest themselves far from the actual errors such as dereferencing null-pointer. To avoid these bugs, a useful static program analysis tool would inspect a program for presence of such errors. The goal of static analysis is to detect common run-time errors that are not det...