Concepedia

TLDR

Static analysis examines code without input data and without executing it, and can detect security violations (SQL injection), runtime errors (null pointer dereferences) and logical inconsistencies (conditions that can never be true). Although the literature on the algorithms and analytical frameworks behind such tools is extensive, reports of industrial experience are scarce. The authors describe FindBugs, an open-source static-analysis tool for Java, and their experience using it in production environments. The paper assesses which defect types can be found with relatively simple techniques and guides developers on integrating such tools into the software-development process.

Abstract

Static analysis examines code in the absence of input data and without running the code. It can detect potential security violations (SQL injection), runtime errors (dereferencing a null pointer) and logical inconsistencies (a conditional test that can't possibly be true). Although a rich body of literature exists on algorithms and analytical frameworks used by such tools, reports describing experiences in industry are much harder to come by. The authors describe FindBugs, an open source static-analysis tool for Java, and experiences using it in production settings. FindBugs evaluates what kinds of defects can be effectively detected with relatively simple techniques and helps developers understand how to incorporate such tools into software development.
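The three defect classes the abstract names, shown as an added Java example that is not code from the paper or from the FindBugs project: each defective method sits beside a corrected form. Class and method names are illustrative, and the FindBugs pattern codes in the comments are the ones such findings are reported under, though exact codes vary by FindBugs version.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Illustrative defects of the kinds the abstract describes, each beside a fix.
 * Added example; not code from the paper or the FindBugs project.
 */
public class StaticAnalysisTargets {

    // 1. Security violation: SQL injection. The caller-controlled string is
    //    concatenated into the query text, so the executed SQL is not a
    //    constant. FindBugs flags the execute call
    //    (SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE).
    static ResultSet findUserUnsafe(Connection conn, String userName) throws SQLException {
        Statement stmt = conn.createStatement();
        return stmt.executeQuery("SELECT * FROM users WHERE name = '" + userName + "'");
    }

    // Fix: a parameterized query. The SQL text is a compile-time constant and
    // the value travels as a bound parameter, never as SQL syntax.
    static ResultSet findUserSafe(Connection conn, String userName) throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
        ps.setString(1, userName);
        return ps.executeQuery();
    }

    // 2. Runtime error: null pointer dereference. On the empty-array path
    //    'first' is still null when it is dereferenced. FindBugs reports a
    //    possible null pointer dereference (NP_NULL_ON_SOME_PATH).
    static int firstArgLengthUnsafe(String[] args) {
        String first = null;
        if (args.length > 0) {
            first = args[0];
        }
        return first.length(); // NullPointerException when args is empty
    }

    // Fix: handle the empty case before dereferencing.
    static int firstArgLengthSafe(String[] args) {
        if (args.length == 0) {
            return 0;
        }
        return args[0].length();
    }

    // 3. Logical inconsistency: a conditional test that can never be true.
    //    No int is both greater than 10 and less than 5, so the branch is
    //    dead code; FindBugs reports the condition as always false.
    static String classifyUnsafe(int x) {
        if (x > 10 && x < 5) {
            return "impossible";
        }
        return "other";
    }

    // Fix: the intended test was almost certainly a disjunction.
    static String classifySafe(int x) {
        if (x > 10 || x < 5) {
            return "out of range";
        }
        return "in range";
    }
}
```

FindBugs analyzes compiled bytecode rather than source, so the class must be compiled before the analysis is run; the findings are then reported against the source lines the bytecode maps back to.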
