Home
Search results “Static analysis code java” for the 2010
Static Analysis Plug-in for Eclipse
 
05:04
Short demo on how developers can use Klocwork's plug-in for Eclipse to help them find and fix defects before they check-in their code.
Views: 3394 staticcodeanalysis
Static Analyzer v1.0 Demo
 
05:22
A brief demonstration of Trusted Advisor Security's "Static Analyzer" web-based static analysis tool, showing the automated execution of Yasca on submitted source code. Static Analyzer is available from Trusted Advisor Security, at www.tasecuritygroup.com.
Views: 2777 TASecurity
How Good is Static Analysis at Finding Concurrency Bugs? (SCAM 2010)
 
08:43
Martin Mwebesa's presentation at the 10th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2010), September 13 2010, Timişoara, Romania. More Information: http://faculty.uoit.ca/bradbury/sqrg/papers/SCAM2010.html Abstract: Detecting bugs in concurrent software is challenging due to the many different thread interleavings. Dynamic analysis and testing solutions to bug detection are often costly as they need to provide coverage of the interleaving space in addition to traditional black box or white box coverage. An alternative to dynamic analysis detection of concurrency bugs is the use of static analysis. This paper examines the use of three static analysis tools (FindBugs, JLint and Chord) in order to assess each tool's ability to find concurrency bugs and to identify the percentage of spurious results produced. The empirical data presented is based on an experiment involving 12 concurrent Java programs.
Static Analysis Plug-in for Visual Studio
 
05:06
Short demo on how developers can use Klocwork's plug-in for Visual Studio to find and fix defects before they check-in their source code.
Views: 1729 staticcodeanalysis
Klocwork Desktop Static Analysis Demo
 
05:29
Short demo on how command line users can use Klocwork Desktop to find and fix defects before they check-in their code.
Views: 4990 staticcodeanalysis
OWASP AppSec 2010: Automated vs. Manual Security: You Can't Filter The Stupid 1/3
 
14:57
Clip 1/3 Speakers: David Byrne and Charles Henderson, Trustwave Everyone wants to stretch their security budget, and automated application security tools are an appealing choice for doing so. However, manual security testing isn't going anywhere until the HAL application scanner comes online. This presentation will use often humorous, real-world examples to illustrate the relative strengths and weaknesses of automated solutions and manual techniques. Automated tools certainly have some strengths (namely low incremental cost, detecting simple vulnerabilities, and performing highly repetitive tasks). In addition to preventing some attacks, WAFs also have advantages for some compliance frameworks. However, automated solutions are far from perfect. To begin with, there are entire classes of very important vulnerabilities that are theoretically impossible for automated software to detect (at least until HAL comes online). Examples include complex information leakage, race conditions, logic flaws, design flaws, subjective vulnerabilities such as CSRF, and multistage process attacks. Beyond that, there are many vulnerabilities that are too complicated or obscure to practically detect with an automated tool. Automated tools are designed to cover common application designs and platforms. Applications using an unusual layout or components will not be thoroughly protected by automated tools. Realistically, only the most vanilla of web applications written on common, simple platforms will receive solid code coverage from an automated tool. On the other hand, manual testing is far more versatile. An experienced penetration tester can identify complicated vulnerabilities in the same way that an attacker does. Specific, real-world examples of vulnerabilities only recognizable by humans will be provided. The diversity of vulnerabilities shown will clearly demonstrate that all applications have the potential for significant vulnerabilities not detectable by automated tools. Manual source code reviews present even more benefits by identifying vulnerabilities that require access to source code. Examples include "hidden" or unused application components, SQL injection with no evidence in the response, exotic injection attacks (e.g. mainframe session attacks), vulnerabilities in back-end systems, and intentional backdoors. Many organizations assume that this type of vulnerability is not a large threat, but source code can be obtained by disgruntled developers, by internal attackers when the repository isn't properly secured, by exploiting platform bugs or path directory traversal attacks, and by external attackers using a Trojan horse or similar technique. For more information click here (http://bit.ly/aeSvg2)
Views: 1253 Christiaan008
Code Review Tool Introduction
 
14:20
http://codereviewtool.com - Introduction to web based code review tool from Protium Software.
Views: 7851 protiumsoftware
Proposed addition to FindBugs
 
05:32
Brief overview of functionality I developed for FindBugs, the static analysis tool for Java which can find those coding mistakes that matter. The functionality is intended to counter the problem of false positives - those bugs which the user doesn't want to fix. This functionality has been developed for the Swing user interface available with FindBugs 1.3.9. FindBugs: http://findbugs.sourceforge.net/ My blog: http://grallan.blogspot.com/
Views: 1088 Grundlefleck
Coccinelle: Finding bugs in open source systems code
 
15:27
Bugs are pervasive in code. And when one finds one bug there are often others of the same type lurking in other parts of the code base. The difficulty then is how to find them efficiently within thousands or millions of lines of code. by Julia Lawall At the University of Copenhagen, in collaboration with researchers in Paris and Aalborg, we have been developing the Coccinelle program matching and transformation engine (http://coccinelle.lip6.fr). Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax, and hence we have given them the name semantic patches. In this talk, we will introduce Coccinelle and the SmPL language, and then illustrate its use with examples based on bugs that we have found and fixed in Linux kernel code. In particular, we will focus on how the source-code like language makes it easy to customize the bug finding process to very specific problems and to fine-tune semantic patches to reduce the number of false positives, which plague automated bug finding tools. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree. Coccinelle is a program matching and transformation system targeting C code. Coccinelle provides a language, SmPL (semantic patch language), for writing complex code patterns that may perform simple searching or that can be annotated with transformation information. A novelty of Coccinelle is that these patterns look very similar to ordinary source code. Nevertheless, SmPL patterns can be made generic using pattern variables, and are matched according to the semantics of the source code rather than the line-by-line syntax. In developing Coccinelle, we have particularly targeted Linux kernel code. Nevertheless, Coccinelle has been applied in the context of other open source software projects, such as OpenSSL and Wine. To date, over 400 patches derived from the use of Coccinelle have been accepted into the Linux kernel source tree. Links: ◦http://coccinelle.lip6.fr FOSDEM (Free and Open Source Development European Meeting) is a European event centered around Free and Open Source software development. It is aimed at developers and all interested in the Free and Open Source news in the world. Its goals are to enable developers to meet and to promote the awareness and use of free and open source software. More info at http://fosdem.org
Views: 2298 FOSDEM
CERIAS Security: Static source code analysis 2/6
 
09:59
Clip 2/6 Speaker: Jacob West · Fortify Software Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include: * The most common security short-cuts and why they lead to security failures * Why programmers are in the best position to get security right * Where to look for security problems * How static analysis helps * The critical attributes and algorithms that make or break a static analysis tool We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. For more information go to the Cerias website (http://bit.ly/dsFCBF)
Views: 554 Christiaan008
SQL Injection by Checkmarx Research Labs
 
04:12
Checkmarx Research Lab's goal is to support the security community with exploration of new hacks, protection methods and education. Find more publications at: http://checkmarx.com/resources.aspx?id=1. You will be able to subscribe to complementary application security scanning at: http://www.cxcloud.com
Views: 16256 Checkmarx
Improved Code Clone Categorization
 
47:26
Google Tech Talk June 24, 2010 Presented by Dr. Nicholas A. Kraft. ABSTRACT Because 50% to 90% of developer effort during software maintenance is spent on program comprehension activities, techniques and tools that can reduce the effort spent by developers on these activities are required to reduce maintenance costs. One characteristic of a software system that can adversely affect its comprehensibility is the presence of similar or identical segments of code, or code clones. To promote developer awareness of the existence of code clones in a system, researchers recently have directed much attention to the problem of detecting these clones; these researchers have developed techniques and tools for clone detection and have discovered that significant portions of popular software systems such as the Linux kernel are cloned code. However, knowledge of the existence of clones is not sufficient to allow a developer to perform maintenance tasks correctly and completely in the presence of clones. Proper performance of these tasks requires a deep and complete understanding of the relationships among the clones in a system. Thus, new techniques and tools that will assist developers in the analysis of large numbers of clones are a critical need. In this talk I will describe preliminary work on code clone categorization that I am leading at The University of Alabama. In particular, I will describe the development of techniques and tools for categorization of code clones using structural and semantic properties of the clones. Specific research outcomes that we are working towards include: (1) a suite of metrics for measuring the congruence and complementarity of a number of static program representations that capture structural properties of the clones, (2) a process to categorize code clones based on these metrics, and (3) serial and integrated processes that combine structural categorization of code clones and semantic categorization of code clones. Bio: Nicholas A. Kraft is an assistant professor in the Department of Computer Science at The University of Alabama. He received his Ph.D. in computer science from the School of Computing at Clemson University. His research interests are in software engineering and languages, particularly source-code based reverse engineering techniques and tools for software understanding and maintenance. He has published on these topics in IEEE Transactions on Software Engineering, Science of Computer Programming, Information and Software Technology, and the Journal of Systems and Software. His current work is supported by four grants from the National Science Foundation. He has served on the program committees of conferences such as the International Conference on Program Comprehension and the International Conference on Software Language Engineering.
Views: 4695 GoogleTechTalks
Profiling Java Applications With AQtime
 
08:12
With AQtime, you can profile Java applications represented in the form of Java archives or machine-readable class files. You also can profile mixed-code Java applications - applications where certain parts are in Java, while other parts are native code. This video demonstrates how to use AQtime to profile a Java application represented in the form of a Java archive. From this video, you will learn how to: - Prepare Java applications for profiling. - Create and configure an AQtime project for the profiled Java archive: add the application module to the project, specify the Java application launcher as a host application, select a profiler, and so on. - Analyze profiling results and distinguish between byte-code routines and native routines.
Views: 1265 AutomatedQA
Javascript Obfuscator
 
05:39
http://polystyle.com/javascript-obfuscator Obfuscate PHP using Polystyle's Javascript Obfuscator so that you can make your code hard to read. This allows you to sell your source code without anyone else being able to easily reverse engineer it. With it you can obfuscate Javascript so that you can make your code hard to read. This allows you to sell your source code without anyone else being able to easily reverse engineer it. Features include: - Strips comments, newlines where ever possible, jumbles variable and function names - Analyzes external code so that your function calls to existing libraries will still work - Works on the command line or using the GUI - Includes obfuscators for: PHP Obfuscator, C# Obfuscator, Perl Obfuscator, Java Obfuscator, Javascript Obfuscator, JSP Obfuscator, Actionscript Obfuscator
Views: 3640 PolystyleFormatter
Quick Tip - Eclipse Format
 
00:39
A quick tip to show how you can quickly format a source file using Eclipse.
Groovy CodeNarc: How to Write a Rule
 
08:56
CodeNarc is an open source static analysis tool for the Groovy programming language. It detects possible bugs and defects in your code. This screencast shows you how easy it is to write your own CodeNarc rule.
Views: 4136 HamletDRC
Achieving Code Quality with Agile Pair Programming
 
01:34
How to use and not abuse pair programming: Use pairing on meaty features where the extra scrutiny and interaction will yield better quality on high-impact code. For more videos on how we do Agile, visit www.atlassian.com/agile.
Views: 1719 Atlassian
CERIAS Security: Static source code analysis 3/6
 
09:59
Clip 3/6 Speaker: Jacob West · Fortify Software Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include: * The most common security short-cuts and why they lead to security failures * Why programmers are in the best position to get security right * Where to look for security problems * How static analysis helps * The critical attributes and algorithms that make or break a static analysis tool We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. For more information go to the Cerias website (http://bit.ly/dsFCBF)
Views: 443 Christiaan008
CERIAS Security: Static source code analysis 4/6
 
09:59
Clip 4/6 Speaker: Jacob West · Fortify Software Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include: * The most common security short-cuts and why they lead to security failures * Why programmers are in the best position to get security right * Where to look for security problems * How static analysis helps * The critical attributes and algorithms that make or break a static analysis tool We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. For more information go to the Cerias website (http://bit.ly/dsFCBF)
Views: 300 Christiaan008
Test Design Studio - Code Analysis
 
09:06
Test Design Studio is a supplemental tool for use with QuickTest Professional. This video highlights the code analysis feature that will automatically highlight coding errors and potential run-time errors while you edit your files. For more information, visit http://www.patterson-consulting.net
Views: 403 pattconsulting
SolidSDD - Duplicate Code Detector
 
02:28
The Duplicate Code Detector (SolidSDD) is a standalone application for finding and analyzing duplicate code (i.e., code clones). It can be used to analyze large projects and detect code that has been cloned during development, for example by copy-paste-modify operations.
Views: 2382 Lucian Voinea
CERIAS Security: Static source code analysis 5/6
 
09:59
Clip 5/6 Speaker: Jacob West · Fortify Software Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. Highlights include: * The most common security short-cuts and why they lead to security failures * Why programmers are in the best position to get security right * Where to look for security problems * How static analysis helps * The critical attributes and algorithms that make or break a static analysis tool We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors. For more information go to the Cerias website (http://bit.ly/dsFCBF)
Views: 224 Christiaan008
World Wide Navi Source Code Analysis
 
04:13
The software internationalization tool World Wide Navi operation demo, source code analysis. please refer to http://www.kokusaika.jp/product/wwnavi.html for more details.
Views: 630 inckjp
.net code generator tool
 
07:55
Codegentool tutorial Part 1 Contact: +971 553210971 EMAIL: [email protected]
Views: 388 Mumtaz Ali
Intermediate Java Tutorial - 14 - Stacks, push, pop
 
05:42
Facebook - https://www.facebook.com/TheNewBoston-464114846956315/ GitHub - https://github.com/buckyroberts Google+ - https://plus.google.com/+BuckyRoberts LinkedIn - https://www.linkedin.com/in/buckyroberts reddit - https://www.reddit.com/r/thenewboston/ Support - https://www.patreon.com/thenewboston thenewboston - https://thenewboston.com/ Twitter - https://twitter.com/bucky_roberts
Views: 212282 thenewboston
DMS: Software Tool Infrastructure
 
59:37
Google Tech Talk July 27, 2010 ABSTRACT Presented by Ira D. Baxter. Software systems continue to grow in size, complexity, and heterogeneity of structure. Manual methods for designing, implementing, and modifying software systems are becoming less effective. Tools to analyze application code to extract low level details ("static analysis") or architecture are becoming increasingly necessary. But the purpose of analysis is to support *change*. This talk will describe the DMS Software Reengineering Toolkit, a general purpose source code analysis and transformation system. DMS is a kind of generalized compiler, parameterized by language descriptions, analysis tasks and modification tasks, with mature language front ends for C, C++, C#, Java, Python, COBOL and a number of other languages, allows DMS to be applied to a wide variety of analysis and transformation tasks. DMS provides a kind of amortized infrastructure for tools in the same way that an OS provides amortized infrastructure for conventional application software; without the infrastructure, the cost of tools is much higher and delivery times are much longer. Its generalization allows also DMS to be used for an amazing variety of software engineering tasks. The talk will provide some description of the DMS infrastructure, and discuss a number of applications, including fully automated conversion of the mission software for the B-2 Stealth Bomber, large-scale architecture restructing of a C++ application system, architecture extraction for mainframe software, test coverage, as well as duplicate code detection. Dr. Baxter is CEO and CTO of Semantic Designs, Inc., the company behind the DMS toolkit. He has been involved with computing since 1966, working with digit circuits. He discovered software in 1967 and learned to program on IBM 1401 and 1620s. He implemented one of the first commercial minicomputer timesharing systems on a Data General Nova in 1970, before receiving his B.S. in Computer Science (1973). In 1976, he started Software Dynamics, a systems software house, where he designed compilers, time-sharing and distributed network operating systems. The similarity in concepts and dissimilarity in implementation of the various OSes suggested that managing designs was key to managing long-lived software systems, and turned Ira's interests towards deeper software engineering research. In 1990, he received a Ph.D. in Computer Science from the University of California at Irvine, where he studied Software Engineering, focusing on design reuse using transformational methods. Dr. Baxter spent several years with Schlumberger, working on a PDE-solver generator for CM-5 supercomputers (Sinapse). He was consulting Research Scientist for Rockwell International, focusing on industrial control automation software engineering tools for several years. In 1995, he founded Semantic Designs, to build commercial tools that will radically improve the methods and economics of software enhancement and maintenance. Dr. Baxter is the architect and one of the main implementers of DMS, and the architect and implementer of the PARLANSE parallel programming language. At Semantic Designs, he provides consulting to Fortune 100 companies on automated software analysis, transformation and domain-specific synthesis methods. For the last decade, he has been SD's principal management, supporting marketing and sales, and provides project vision, management and technical architecture to SD's large custom-software customers.
Views: 17341 GoogleTechTalks
Reporting and Metrics with Klocwork Review
 
03:42
Short demo on using Klocwork Review for reporting and metrics on your source code.
Views: 999 staticcodeanalysis
OWASP FROC 2010: Vulnerabilities in Secure Code 2/4
 
10:01
Clip 2/4 Speakers: Alex Wheeler and Ryan Smith, Accuvant Secure coding practices have advanced significantly within the past decade. Yet, vulnerabilities remain despite the huge advances in secure coding practices. This presentation will discuss real world vulnerabilities in widely deployed server and networking code bases having gone through rigorous automated and manual analysis. Ultimately, the participants are provided fruitful areas and methods to audit against code certified by our industry's top security programs. For more information go to: http://bit.ly/9jud2g
Views: 199 Christiaan008
Make Your Own First Basic Java Program
 
09:15
This video will show you how to make you own first basic java program, where you will be able to type dialog you want and it will be displayed in output, this is for beginners so no prior exp. needed;p Enjoy! Song in the video: SYNCING by billy reid go check out his channel!! Imperativa [Choir] Immediate Music Mercy Me- So Long Self
Views: 3342 Laser Circus
Top 10 Tips to FAIL Security Code Reviews for Web Applications
 
05:02
Based on the top 10 security mistakes web developers make. Video by: Iman Louis Voices: Mike D'Antonio, Iman Louis
Views: 14226 Louis, I
M86 Security - Real Time Code Analysis (Overview)
 
06:38
Watch how our patented Real Time Code Analysis works to detect threats.
Views: 345 M86Official
CodePeer - Find the Bug Challenge - Round 1
 
03:56
CodePeers advanced static error detection solutions find bugs in programs before programs are run. By mathematically analyzing every line of software, considering every possible input, and every path through the program, CodePeer can be used very early in the development life-cycle to identify problems when defects are exponentially less costly to repair.\r\rIn order to demonstrate the scope of CodePeers code analysis capabilities we thought wed have a little fun and each month post a simple piece of code that contains a few tricky bugs, so that you can see live the bug-finding capacities of CodePeer. Enjoy!
Views: 871 AdaCore
Klocwork Checker Studio
 
03:58
Create your own checkers using Klocwork's Checker Studio.
Views: 964 staticcodeanalysis
How To Add Google Analytics Code To A Static Website
 
03:05
A quick, simple video showing you how to add Google Analytics code to your website.
Views: 1588 LaneConsultancyVideo
OWASP FROC 2010: Solving Real World Problems with an Enterprise Security API 2/4
 
10:01
Clip 2/4 Speaker: Chris Schmidt A great deal of work has gone into aggregating statistics and information about security vulnerabilities in enterprise applications on the internet. A lot of work has also been done in creating software libraries and secure coding guidelines to mitigate vulnerabilities. The OWASP group has created an ESAPI that is meant to act as a service provider of security to enterprise applications. There is a lot of documentation and resources available on what an ESAPI is, but there is not much information on how to actually implement an ESAPI to mitigate a specific set of vulnerabilities in an application. This presentation aims to provide information on how to use ESAPI to solve real-world security problems in a clear and interactive way. Using ESAPI for Java and Javascript I will demonstrate examples of vulnerabilities in simple web applications, describe the problem and solution, then fix the vulnerabilities. I will also discuss the importance of developing the ESAPI to fit the business needs of the application. The presentation will use OWASP ESAPI configured with the reference implementations for Encoding/Decoding, Encryption, Logging, and Validation. For Authentication and Access Control a custom JAAS Implementation to show how easy it is to implement business specific implementations into the ESAPI framework. For more information go to: http://bit.ly/9jud2g
Views: 1903 Christiaan008
OWASP AppSec 2010:Web Frameworks and How They Kill Traditional Security Scanning 1/3
 
14:58
Clip 1/3 Speakers: Christian Hang and Lars Andren, Armorize Technologies Modern web application frameworks present a challenge to static analysis technologies due to how they influence application behavior in ways not obvious from the source code. This prevents efficient security scanning and can cause up to 80% of total potential issues to remain undetected due to the incorrect framework handling. After explaining the underlying problems, we demonstrate in a real world walk through using code analysis to scan actual application code. By extending static analysis with new framework specific components, even applications using complex frameworks like Struts and Smarty can be inspected automatically and code coverage of security analysis can be greatly enhanced. For more information click here (http://bit.ly/aeSvg2)
Views: 152 Christiaan008
Frama-C industrial usage by Dassault Aviation
 
05:07
Some industrial applications of the Frama-C platform.
Views: 14154 Benjamin Monate
Rock S.O.L.I.D. - S is for Single Responsibility
 
03:00
Jason Gorman of Codemanship explains the Single Responsibility design principles and illustrates what it might mean in practice with a simple code example. For info on OO design, TDD and refactoring training and coaching, visit http://www.codemanship.com
Views: 4930 Codemanship
Parameter Tampering by Checkmarx Research Labs
 
04:53
Checkmarx research lab goal is to support the security community with exploration of new hacks, protection methods and education. Find more publications at: http://checkmarx.com/resources.aspx?id=1. You will be able to subscribe to complementary application security scanning at: www.cxcloud.com
Views: 10411 Checkmarx
Bonus Code Smell Of the Week - Copy & Paste Inheritance
 
04:29
Quickly following on from the basic example of duplicate code, Jason Gorman shows how you can tackle copy-and-paste inheritance using the Extract Superclass refactoring. Download the source from http://bit.ly/9lsEvm For training and coaching in refactoring, test-driven development & OO design visit http://www.codemanship.com
Views: 3844 Codemanship
CCCC   2010
 
01:19
Views: 271 jtrance1
O2 Platform - Gui Automation PoC - Using Notepad.avi
 
01:35
This video shows an how to use O2 to automate any windows process GUI (in this case Notepad) For more details on the script that is being executed in this video see http://www.o2platform.com/wiki/O2_Script/PoC_-_Automating_Notepad.h2 The latest version of O2 can be downloaded from http://code.google.com/p/o2platform/downloads/list The main O2 website is at http://o2platform.com
Views: 188 Dinis Cruz
Evaluating Code in Wing IDE
 
01:08
Briefly shows how selections or whole files can be evaluated in the integrated Python Shell and Debug Probe in Wing IDE, as a quick way to test out, play with, or craft bugs fixes for code.
Views: 1676 wingware
Using Coverity plug-in for VS 2008 to analyze C++ source Code ניתוח קוד סטאטי
 
06:14
דני לייזרוביץ' מחברת אי.אס.אל. מערכות תוכנה (המרכז הישראלי לניתוח קוד סטאטי 09-8855803 [email protected] eswlab.com , www.eswlab.com ) מדגים בדיקה של יכולות כלי ניתוח קוד מקור סטאטי למצוא באגים, טעיות ודפקטים בפקודות קדם מהדר, סביבת 2008 Visual Studio Daniel Liezrowice from Engineering Software Lab (The Israeli Center for Static Code Analysis +972 3 6122918 , [email protected] eswlab.com. www.eswlab.com) demonstrating how to use Coverity Prevent plug for Visual Studio 2008 (Coverity Static Code Analysis ) to find C/C++ source code defects , this particulare example shows how well Coverity can analyze preprocessor directives compare to PC-Lint,
Views: 2565 Daniel Liezrowice
Cloud-Based Automated Software Reliability Services
 
01:16:09
Google Tech Talk July 22, 2010 ABSTRACT Presented by Professor George Candea http://people.epfl.ch/george.candea This talk proposes cloud-based automated software reliability services (SRS), a step toward making testing and debugging of code as easy as using webmail. SRS is automatic, without human involvement from the service user's or provider's side; this is unlike today's "testing as a service" businesses, which employ humans to write tests. First, I will outline four of the SRS components we envision: a "home edition" on-demand testing service for consumers to verify the software they are about to install on their PC or mobile device; a "programmer's sidekick" enabling developers to thoroughly and promptly test their code with minimal upfront resource investment; a public "certification service," akin to Underwriters Labs, that independently assesses the reliability, safety, and security of software; and an "automated debugging" service that helps developers fix code based on bug reports from the field. Then I will present in detail execution synthesis, the technique that makes automated debugging (the latter SRS component) a reality. Given a program and a bug report, execution synthesis combines static analysis and symbolic execution to "synthesize" a thread schedule and various required program inputs that cause the reported bug to manifest. The synthesized execution can then be played back deterministically in a regular debugger, like gdb. We have found this determinism to be particularly useful in debugging concurrency bugs. Our technique requires no runtime tracing or program modifications, thus incurring no runtime overhead and being practical for use in production systems. We evaluate it on popular software (e.g., the SQLite database, ghttpd Web server, HawkNL network library, UNIX utilities) and find that, starting from mere bug reports, it can reproduce on its own several real concurrency and memory safety bugs in less than three minutes.
Views: 7409 GoogleTechTalks
Klocwork C/C++ Refactoring: Analyze and Optimize Headers
 
02:37
This short demo will walk through the Analyze Header and Optimize Header refactorings.
Views: 645 staticcodeanalysis
Automatic detection of threats based on video analysis for city security systems
 
00:32
The dangerous event detection process is presented. First, image analysis is performed for moving objects detection. The object is separated from the background and its movement is analyzed. Then, based on changes of movement speed and direction, various potentially dangerous events can be detected. In presented sample an event "robbery" is defined as: - first a meeting of two moving objects A and B occurs, - then rapid change of speed and direction of A's movement happens (escape), - it is followed by B running after A (moving fast in direction of A's escape). Similar detection rule is used in case B is attacked and cannot follow A: - first a meeting of two moving objects A and B occurs, - then rapid change of speed and direction of A's movement happens (escape), - B is not moving, lying on the ground. - optionally, it can be detected if other pedestrians approach the event location to help B When such potentially dangerous event is automatically detected by video analysis algorithm, the video clip containing whole event is transmitted to the security system operator for verification. The operator verifies the alarm, confirms the event and decides what should be done next.
Views: 10546 INDECTproject