HomeОбразованиеRelated VideosMore From: GoogleTalksArchive

Using Static Analysis For Software Defect Detection

44 ratings | 13399 views
Google TechTalks July 6, 2006 William Pugh ABSTRACT I'll talk about some of my experience in using and expanding static analysis tools for defect detection. The FindBugs tool developed at the Univ. of Maryland is now being widely used, including inside Google. I'll give an overview of FindBugs, show some of the kinds of errors we routinely find in production code, discuss the methodology we use for enhancing and expanding FindBugs and some of the recent additions to it, discuss ways of incorporating FindBugs into your development process (such as being able to get a report of all the warnings introduced since the last release of your software), and talk about the future of static analysis, including things such as a new Java JSR to provide standard annotations for things such as @NonNull and @Tainted. Google engEDU
Html code for embedding videos on your blog
Text Comments (9)
Camila Paradiso (2 years ago)
hey ,if anyone else wants to uncover asvab classes try Jaffacter Asvab Results Coach ( search on google ) ? Ive heard some extraordinary things about it and my friend got amazing results with it.
Rollo P. (2 years ago)
ReSharper takes care of this in most of the cases.
rrr00bb (4 years ago)
90% of all errors are the stupid Nullable default for references.  NotNull should be the default (undeclared) for all variables, perhaps immutable by default as well.  If you assign a var to a Nullable version of it, you should be unable to dereference it (ie: use the dot operator) until you assign it back to a default (NotNull) variable, at which you should get a ClassCastException on assignment.  What this means is that NullPointerException no longer exists, and you get an exception at the point where you began a wrong assumption about what was in the variable; rather than getting the exception at random usage points in the code.
rrr00bb (2 years ago)
Note that it's a special case of Dependent Types, which are types that depend on the actual value. Other obvious DependentTypes are things like non-negative (which might be a 2's complement representation that is physically capable of being negative if you didn't assert this as a type). More exotic ones might be "Prime" ... where the evidence that the number is prime is strong enough that the compiler can simply assume it without encountering a catastrophe (a cryptographic catastrophe). Bounds checks are similar. You can get a tremendous speed-up if you can enter a section of the stack trace where bounds checks can be safely removed. The boundaries can be asserted in a type.
rrr00bb (2 years ago)
It's not the same. If you need to cast to a non-null, that happens in exactly one place, generally before you enter a big mess of code. You might construct a struct that only has non-null references in it. Once under that part of the code, there are literally going to be hundreds or thousands of places where it might be dereferenced. Also, those places don't need null checks inserted under the covers of the machine code to ensure that an exception happens rather than undefined behavior. I think Swift actually has some support for this.
zdenda (2 years ago)
> If you assign a var to a Nullable version of it, you should be unable to dereference it Any ideas how to do it? Maybe NullPointerException ? :-D
pureindia (5 years ago)
good lecture. and good video.
Alejandro Varela (5 years ago)
very good lecture, thanks
David B (5 years ago)
Interesting.

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.