论文信息 - Experiences Using Static Analysis to Find Bugs

Experiences Using Static Analysis to Find Bugs

Static analysis examines code in the absence of input data and without running the code, and can detect potential security violations (e.g., SQL injection), runtime errors (e.g., dereferencing a null pointer) and logical inconsistencies (e.g., a conditional test that cannot possibly be true). While there is a rich body of literature on algorithms and analytical frameworks used by such tools, reports describing experiences with such tools in industry are much harder

David Hovemeyer | J. David Morgenthaler | William Pugh | John Penix | Nathaniel Ayewah

[1] Ian F. Darwin. Checking C programs with lint , 1988 .

[2] Dawson R. Engler,et al. Uprooting Software Defects at the Source , 2003, ACM Queue.

[3] J. David Morgenthaler,et al. Evaluating static analysis defect warnings on production software , 2007, PASTE '07.

[4] David Hovemeyer,et al. Evaluating and tuning a static analysis to find null pointer bugs , 2005, PASTE '05.

[5] Dawson R. Engler,et al. How to write system-specific, static checkers in metal , 2002, PASTE '02.

[6] William R. Bush,et al. A static analyzer for finding dynamic programming errors , 2000, Softw. Pract. Exp..

[7] David Hovemeyer,et al. Status report on JSR-305: annotations for software defect detection , 2007, OOPSLA '07.

[8] David Hovemeyer,et al. Tracking defect warnings across versions , 2006, MSR '06.

[9] David Hovemeyer,et al. Finding more null pointer bugs, but not too many , 2007, PASTE '07.

[10] Jacob West,et al. Secure Programming with Static Analysis , 2007 .