The Community for Technology Leaders
Green Image
Issue No. 05 - Sept.-Oct. (2008 vol. 25)
ISSN: 0740-7459
pp: 22-29
Nathaniel Ayewah , University of Maryland, College Park
John Penix , Google
William Pugh , University of Maryland, College Park
David Hovemeyer , York College of Pennsylvania
Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and experiences using it in production settings. FindBugs evaluates what kinds of defects can be effectively detected with relatively simple techniques and helps developers understand how to incorporate such tools into software development.
static analysis, FindBugs, code quality, bug patterns, software defects, software quality
Nathaniel Ayewah, John Penix, J. David Morgenthaler, William Pugh, David Hovemeyer, "Using Static Analysis to Find Bugs", IEEE Software, vol. 25, no. , pp. 22-29, Sept.-Oct. 2008, doi:10.1109/MS.2008.130
105 ms
(Ver 3.1 (10032016))