Software Engineering Radio - the podcast for professional software developers16 Jun 2007

Episode 59: Static Code Analysis

This episode is a discussion with Jonathan Aldrich (Assistant Professor at CMU) about static analysis. The discussion covered theory as well as practice and tools. We started with an explanation of what static analysis actually is, which kinds of errors it can find and how it is different from testing and reviews. The core challenge of such an analysis tool is to understand the semantics of the program and reduce its possible state space to make it analysable - in effect reconstructing the programmer's intent from the code. The user can "help" the tool with this challenge by using suitable annotations; also, languages could do a better job of being analysable. The conceptual discussion was concluded by looking at the principles of static analysis (termination, soundness. precision) and how this approach relates to model analysis. The second more practical part started out with a discussion of how Microsoft successfully uses static analysis in their Windows development. We then discussed some of the tools available; these include Findbugs, Coverity, Codesonar, Clockwork, Fortify, Polyspace and Codesurfer. To conclude the discussion of tools, we discussed the commonalities and differences with architecture visualization tools as well as metrics and heuristics. Part three of the discussion briefly looked at how to introduce static analysis tools into an organization's development process and tool chain. We concluded the discussion by looking at situations where static analysis does not work, as well as at the FLUID research project at CMU.

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(726)

Episode 69: Nico Josuttis on SOA (SOA Pt. 3)

This Episode is part five in our (probably ongoing) series on service oriented architecture. In this episode we talk to Nico Josuttis, who has recently published a book on this topic. As its title "SO...

24 Sep 200756min

Episode 68: Dan Grossman on Garbage Collection and Transactional Memory

This episode features a discussion with Dan Grossman about an essay paper he wrote for this year's OOPSLA conference. The paper is about an analogy between garbage collection and transactional memory....

14 Sep 200754min

Episode 67: Roundtable on MDSD and PLE

This is a roundtable discussion on model-driven software develoment and product line engineering. It was recorded at the Model-Driven Development and Product Lines: Synergies and Experience conference...

4 Sep 200748min

Episode 66: Gary McGraw on Security

This episode features an interview with the software security expert Gary McGraw. Gary explains why this topic is so important and gives several security deficiencies examples that he found in the pas...

24 Aug 200741min

Episode 65: Introduction to Embedded Systems

This episode is an introduction to embedded system. It is an introduction in the sense that we cover many topics very briefly: upcoming episodes will provides details for many of these topics. We star...

14 Aug 200744min

Episode 64: Luke Hohmann on Architecture and Business

In this episode we talk about the relationship between software architecture and the business. Based on his book, Beyond Software Architecture we discuss how things such as branding, licensing, updat...

4 Aug 200752min

Episode 63: A Pattern Language for Distributed Systems with Henney and Buschmann

In this Episode we talked about the new POSA 4 book which has recently been published. We talk to two of the authors, Kevlin Henney and Frank Buschmann (the third author, Doug Schmidt was not availabl...

25 Jul 20071h 6min

Episode 62: Martin Odersky on Scala

In this Episode we talk about the Scala language with its creator Martin Odersky. Scala is a language that fuses object oriented and functional programming. Martin started out by providing a two-minut...

15 Jul 200753min