Abstract:
Programmers usually employ static checkers, which check programs for errors without executing them, in a process called static code analysis. A static checker works with a program that has an initial indication of correctness (because it compiles) and tries to avoid well-known traps and pitfalls before the program is measured against its specifications (when it is tested). We use FindBugs, a popular open source static code checker for Java. Static code checkers in Java come in two flavors: those that work directly on the program source code and those that work on the compiled bytecode. Although each code checker works in its own way, most share some basic traits. They read the program and construct some model of it, a kind of abstract representation that they can use for matching the error patterns they recognize. They also perform some kind of data-flow analysis, trying to infer the possible values that variables might have at certain points in the program. Data-flow analysis is especially important for vulnerability checking, an increasingly important area for code checkers.
Keywords:
Java; data flow analysis; program testing; program verification; public domain software; FindBugs; data-flow analysis; open source code checker; program debugging; static code analysis; Computer bugs; Insects; Inspection; Open source software; Software testing; debugging; static checkers
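
The data-flow analysis the abstract describes, shown as an added example (not from the paper and not FindBugs code): a forward "may be tainted" analysis over a control-flow graph that flags untrusted data reaching a sensitive call on at least one path. The toy IR, its opcode names (`source`, `sanitize`, `const`, `copy`, `sink`) and the sample methods are assumptions constructed for illustration.

```python
from collections import deque

def transfer(instrs, tainted, report=None):
    """Apply one basic block to the set of possibly tainted variables."""
    tainted = set(tainted)
    for idx, (op, *args) in enumerate(instrs):
        if op == "source":                    # dst = untrusted input
            tainted.add(args[0])
        elif op in ("const", "sanitize"):     # dst = literal or cleaned value
            tainted.discard(args[0])
        elif op == "copy":                    # dst = src, taint follows src
            dst, src = args
            if src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif op == "sink" and args[0] in tainted and report is not None:
            report(idx, args[0])              # tainted value reaches a sink
    return tainted

def analyze(blocks, edges):
    """Iterate to a fixed point, then list (block, index, variable) findings."""
    preds = {b: [] for b in blocks}
    succs = {b: [] for b in blocks}
    for s, d in edges:
        preds[d].append(s)
        succs[s].append(d)
    out = {b: set() for b in blocks}
    # Join at a merge point: tainted if tainted on ANY incoming path.
    entry_state = lambda b: set().union(*(out[p] for p in preds[b]))
    work = deque(blocks)
    while work:
        b = work.popleft()
        new_out = transfer(blocks[b], entry_state(b))
        if new_out != out[b]:                 # state changed: revisit successors
            out[b] = new_out
            work.extend(succs[b])
    findings = []
    for b in blocks:
        transfer(blocks[b], entry_state(b),
                 lambda i, v, b=b: findings.append((b, i, v)))
    return findings

# Constructed sample: only the "then" branch cleans q before it is used.
EDGES = [("entry", "then"), ("entry", "else"), ("then", "join"), ("else", "join")]
UNSAFE = {"entry": [("source", "q")], "then": [("sanitize", "q", "q")],
          "else": [("const", "log")],
          "join": [("copy", "sql", "q"), ("sink", "sql")]}
SAFE = dict(UNSAFE, **{"else": [("sanitize", "q", "q")]})

if __name__ == "__main__":
    print(analyze(UNSAFE, EDGES), analyze(SAFE, EDGES))
```

The finding in the first sample comes from the join: the value is clean on one path and tainted on the other, so a checker that reasons about possible values must treat it as tainted after the branches merge.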