Software Engineering Radio - the podcast for professional software developers16 Jun 2007

Episode 59: Static Code Analysis

This episode is a discussion with Jonathan Aldrich (Assistant Professor at CMU) about static analysis. The discussion covered theory as well as practice and tools. We started with an explanation of what static analysis actually is, which kinds of errors it can find and how it is different from testing and reviews. The core challenge of such an analysis tool is to understand the semantics of the program and reduce its possible state space to make it analysable - in effect reconstructing the programmer's intent from the code. The user can "help" the tool with this challenge by using suitable annotations; also, languages could do a better job of being analysable. The conceptual discussion was concluded by looking at the principles of static analysis (termination, soundness. precision) and how this approach relates to model analysis. The second more practical part started out with a discussion of how Microsoft successfully uses static analysis in their Windows development. We then discussed some of the tools available; these include Findbugs, Coverity, Codesonar, Clockwork, Fortify, Polyspace and Codesurfer. To conclude the discussion of tools, we discussed the commonalities and differences with architecture visualization tools as well as metrics and heuristics. Part three of the discussion briefly looked at how to introduce static analysis tools into an organization's development process and tool chain. We concluded the discussion by looking at situations where static analysis does not work, as well as at the FLUID research project at CMU.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(726)

SE Radio 721: Rob Moffat on Risk-First Software Development

In this episode, Rob Moffat, author of Risk-First Software Development and chief technical architect at the FinTech Open Source Software Foundation (FINOS), speaks with host Brijesh Ammanath about how...

20 Mai 52min

SE Radio 720: Martin Dilger on Understanding Eventsourcing

Martin Dilger, founder and CEO of Nebuilt GmbH, speaks with host Giovanni Asproni about event sourcing -- a software architecture pattern in which, rather than storing just the current state of your d...

13 Mai 55min

SE Radio 719: Birol Yildiz on Building an Agentic AI SRE

Birol Yildiz, CEO and co-founder of iLert, joins host Kanchan Shringi to explore how iLert built an AI SRE — an autonomous agent for handling production incidents — and what the experience revealed ab...

6 Mai 53min

SE Radio 718: Will Sentance on JS Modernization

Will Sentance, educator and co-founder of Codesmith, joins SE Radio's Adi Narayan to discuss the evolution of JavaScript and modern best practices. They begin with JavaScript's origins as a simple scr...

29 Apr 58min

SE Radio 717: Eric Tschetter on Decoupling Observability

In this episode, host Amey Ambade sits with Eric Tschetter, co-founder of Apache Druid and Chief Architect at Imply, to dissect the critical move toward Decoupling Observability. To begin, they define...

23 Apr 1h

SE Radio 716: Martin Kleppmann Local-First Software

Martin Kleppmann, Associate Professor at the University of Cambridge and author of the best-selling O'Reilly book Designing Data-Intensive Applications, talks to host Adi Narayan about local-first col...

15 Apr 55min

SE Radio 715: Sahaj Garg on Designing for Ambiguity in Human Input

Sahaj Garg, co-founder and CTO of Wispr, a voice-to-text AI that turns speech into polished writing, talks with host Amey Ambade about designing systems for the ambiguity that's inherent in human inpu...

8 Apr 48min

SE Radio 714: Costa Alexoglou on Remote Pair Programming

Costa Alexoglou, co-founder of the open source Hopp pair-programming application, talks with host Brijesh Ammanath about remote pair programming. They start with a quick introduction to pair programmi...

1 Apr 51min