• DocumentCode
    838717
  • Title
    Using Static Analysis to Find Bugs
  • Author
    Ayewah, Nathaniel ; Hovemeyer, David ; Morgenthaler, J. David ; Penix, John ; Pugh, William
  • Author_Institution
    Univ. of Maryland, College Park, MD
  • Volume
    25
  • Issue
    5
  • fYear
    2008
  • Firstpage
    22
  • Lastpage
    29
  • Abstract
    Static analysis examines code without running it and without any input data. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on the algorithms and analytical frameworks such tools use, reports describing experience in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and their experience using it in production settings. They evaluate what kinds of defects can be effectively detected with relatively simple techniques and discuss how developers can incorporate such tools into software development.
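    The three defect classes the abstract names, as an added example that is not from the article or the FindBugs project: each buggy Java method is paired with its fixed form. The class and method names, the `users` table and its columns are assumptions for illustration.

```java
// Added example, not code from the article or from FindBugs. Class, method,
// table and column names are assumptions chosen for illustration.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class BugPatterns {

    // --- 1. Security violation: SQL injection -----------------------------
    // The query text is assembled from 'username' at run time. A checker does
    // not need to know what a caller will pass: a non-constant string flowing
    // into executeQuery() is enough to flag the method.
    static ResultSet findUserBuggy(Connection conn, String username)
            throws SQLException {
        Statement st = conn.createStatement();
        return st.executeQuery(
                "SELECT id FROM users WHERE name = '" + username + "'");
    }

    // Fixed: the SQL is a compile-time constant and the value is bound as a
    // parameter, so it can never alter the statement's structure.
    static ResultSet findUserFixed(Connection conn, String username)
            throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id FROM users WHERE name = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // --- 2. Runtime error: null-pointer dereference ------------------------
    // Inside the 'if' body the analysis knows 's' is null, yet the code calls
    // s.length() on it. No test input is needed to prove the exception.
    static int lengthBuggy(String s) {
        if (s == null) {
            System.err.println("empty input of length " + s.length());
        }
        return s.length();
    }

    // Fixed: handle the null case explicitly instead of dereferencing it.
    static int lengthFixed(String s) {
        if (s == null) {
            System.err.println("empty input");
            return 0;
        }
        return s.length();
    }

    // --- 3. Logical inconsistency: a test that can never be true ----------
    // No integer is simultaneously below 0 and above 10, so the body is dead
    // code; the author almost certainly meant '||'.
    static boolean outOfRangeBuggy(int n) {
        if (n < 0 && n > 10) {
            return true;
        }
        return false;
    }

    // Fixed: reject values on either side of the allowed range.
    static boolean outOfRangeFixed(int n) {
        return n < 0 || n > 10;
    }

    public static void main(String[] args) {
        // Only the pure methods are exercised here; the JDBC ones need a live
        // Connection, which is exactly the input a static checker does without.
        System.out.println(lengthFixed(null));       // prints 0
        System.out.println(outOfRangeFixed(11));     // prints true
        System.out.println(outOfRangeBuggy(11));     // prints false: the branch is dead
    }
}
```

    Compile the class with javac and point FindBugs at the resulting class files: none of the buggy methods has to execute, and the JDBC ones cannot run without a database connection, which is the point the abstract makes about analysing code in the absence of input data. The first two methods are classic bug patterns for a tool of this kind; whether a given checker also proves the third depends on whether it tracks integer ranges, so treat it as an illustration of the defect class rather than a guarantee about any one tool's output.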
  • Keywords
    Java; SQL; public domain software; security of data; software engineering; FindBugs; SQL injection; open source static-analysis tool; runtime errors; security violations; software development; Computer bugs; Educational institutions; Open source software; Production; Programming; Security; Software quality; Software tools; Testing; bug patterns; code quality; software defects; static analysis
  • fLanguage
    English
  • Journal_Title
    IEEE Software
  • Publisher
    IEEE
  • ISSN
    0740-7459
  • Type
    jour
  • DOI
    10.1109/MS.2008.130
  • Filename
    4602670