Title :
Using Static Analysis to Find Bugs
Author :
Ayewah, Nathaniel ; Hovemeyer, David ; Morgenthaler, J. David ; Penix, John ; Pugh, William
Author_Institution :
Univ. of Maryland, College Park, MD
Abstract :
Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can´t possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and experiences using it in production settings. FindBugs evaluates what kinds of defects can be effectively detected with relatively simple techniques and helps developers understand how to incorporate such tools into software development.
Keywords :
Java; SQL; public domain software; security of data; software engineering; FindBugs; Java; SQL injection; open source static-analysis tool; runtime errors; security violations; software development; Computer bugs; Educational institutions; Java; Open source software; Production; Programming; Security; Software quality; Software tools; Testing; FindBugs; bug patterns; code quality; software defects; software quality; static analysis;
Journal_Title :
Software, IEEE
DOI :
10.1109/MS.2008.130
