Examining Bugs to Improve Static Analysis

Опубликовано 6 сентября 2016, 17:33

The FindBugs project is a static analysis tool for Java programs that is designed to find coding mistakes. The core thrust of the FindBugs project is to look actual coding mistakes that occur in production, and figure out which can be effectively found using simple static analysis techniques. FindBugs doesn't use SAT solvers, points-to analysis, or many of the sophisticated techniques developed at Microsoft and elsewhere. However, it has proven effective at finding serious coding mistakes and to be very popular with developers, with more than 600,000 downloads. I'll also take about some of our experiences with stupid but harmless coding mistake and effective incorporation of static analysis into the software development process. I'm hoping for an interactive talk with lots of discussion, as I'm very much interested in hearing about Microsoft's research and experience on these topics.