The Use of Static Code Analysis When Teaching or Developing Open-Source Software Presenter: George Gribkov
Jun. 15, 2021

Static analysis: short overview. Use of static analysis at colleges and universities. Use of static analysis in student and open projects.

  1. The Use of Static Code Analysis When Teaching or Developing Open-Source Software. Presenter: George Gribkov
  2. Contents
      1. Static analysis: short overview
      2. Use of static analysis at colleges and universities
      3. Use of static analysis in student and open projects
  3. Static Analysis: Short Overview
  4. How to Improve Code Quality
      - Write correct code
      - Unit tests
      - Regression testing
      - Code review
      - …is there some other way?
      - Yes! For example, tools for automated analysis.
  5. Automated Code Analysis Tools
      - Static analysis tools: check code when it’s not executed
      - Dynamic analysis tools: check code when it’s being executed
      - Both approaches complement each other very well.
  6. Cost to Fix a Bug
  7. Static Analysis Disadvantages
      - Produces false positives
      - Difficulties with multithreading
      - Does not eliminate the need for code review
  8. Static Analysis Advantages
      - Covers the entire code
      - Significantly faster than dynamic code analysis
      - More convenient for large projects
  9. Static Analysis Advantages
      - Can check code style or whether the code complies with a coding standard (MISRA, AUTOSAR C++)
      - Easy to use
      - Helps developers learn and teach
  10. Use of Static Analysis at Colleges and Universities
  11. For Instructors
      - Helps check homework
      - Helps check final projects
      - Saves instructors’ time
  12. For Students
      - Provides a chance to learn a new approach
      - Helps with self-study and problem solving
      - Facilitates development
      - Shows and helps study error patterns
  13. Pattern Examples (Vangers)

      ```cpp
      void aciPackFile(....)
      {
          int sz,sz1;
          char *p,*p1;
          ....
          p = new char[sz];
          p1 = new char[sz1];
          ....
          delete p;
          delete p1;
      }
      ```
  14. Pattern Examples (Vangers)

      ```cpp
      void aciPackFile(....)
      {
          int sz,sz1;
          char *p,*p1;
          ....
          p = new char[sz];
          p1 = new char[sz1];
          ....
          delete p;   // <= allocated with new[], released with delete
          delete p1;  // <= allocated with new[], released with delete
      }
      ```
  15. Pattern Examples (Vangers)

      ```cpp
      void aciPackFile(....)
      {
          int sz,sz1;
          char *p,*p1;
          ....
          p = new char[sz];
          p1 = new char[sz1];
          ....
          delete [] p;   // array form matches new char[sz]
          delete [] p1;  // array form matches new char[sz1]
      }
      ```
  16. Pattern Examples (Apache HTTP Server)

      ```c
      static void MD4Transform(
          apr_uint32_t state[4], const unsigned char block[64])
      {
          apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3],
                       x[APR_MD4_DIGESTSIZE];
          ....
          /* Zeroize sensitive information. */
          memset(x, 0, sizeof(x));
      }
      ```
  17. Pattern Examples (Apache HTTP Server)

      ```c
      static void MD4Transform(
          apr_uint32_t state[4], const unsigned char block[64])
      {
          apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3],
                       x[APR_MD4_DIGESTSIZE];
          ....
          /* Zeroize sensitive information. */
          memset(x, 0, sizeof(x)); // <= x is never read again, so the compiler
                                   //    may remove this call as a dead store
      }
      ```
  18. Pattern Examples (Apache HTTP Server)

      ```c
      static void MD4Transform(
          apr_uint32_t state[4], const unsigned char block[64])
      {
          apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3],
                       x[APR_MD4_DIGESTSIZE];
          ....
          /* Zeroize sensitive information. */
          /* C11 Annex K order: memset_s(dest, destsz, ch, count). */
          memset_s(x, sizeof(x), 0, sizeof(x));
      }
      ```

      *Or use the following flag: -fno-builtin-memset!
  19. For Students
      - Provides a chance to learn a new approach
      - Helps with self-study and problem solving
      - Facilitates development
      - Shows and helps study error patterns
  20. Use of Static Analysis in Student and Open Projects
  21. Regular Use is the Main Thing
      - Static analysis provides its maximum benefit only when used regularly!
  22. Regular Use is the Main Thing
  23. Efficient Static Analyzers
      - PVS-Studio
      - Clang Static Analyzer
      - Cppcheck
      - Infer
      - IntelliJ IDEA
      - FindBugs
      - ...
      - A detailed list of static analyzers:
  24. Introducing Analysis
      1. A classic development scenario (in office)
      2. Developing student and open-source projects
  25. A Typical Scenario
      - Locally on developers’ computers (plugins for IDE, compilation monitoring system)
  26. A Typical Scenario
      - Continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems)
  27. A Typical Scenario
  28. Student and Open-Source Projects
      - What’s the difference?
  29. A Typical Scenario
  30. Student and Open-Source Projects
  31. Student and Open-Source Projects
  32. Student and Open-Source Projects
  33. Student and Open-Source Projects
  34. Using an Analyzer on Open-Source Projects
  35. Using an Analyzer on Open-Source Projects
  36. How to Analyze Community Contribution?
  37. What to Do After the First Check?
  38. Using an Analyzer on Open-Source Projects
  39. Using an Analyzer on Open-Source Projects
  40. Pull Request Analysis
  41. How to Analyze Community Contribution?
  42. After the First Check
      - Suppress bases are a mass suppression tool for the analyzer’s warnings.
  43. After the First Check
      - Suppress bases are a mass suppression tool for the analyzer’s warnings.
  44. The Purpose of Suppress Bases
      - Hide old errors, keep up the normal pace
      - See only the latest warnings starting from this moment
      - Get immediate benefits from the analyzer
      - Do not forget about the old errors! Come back and fix them one-by-one.
  45. How to Work with Suppress Base
      - A very convenient approach: the “ratcheting” method
      - The number of errors in the base is committed to the repository.
      - Changes are allowed only when they do not increase the total number of errors.
  46. How to Work with Suppress Base
  47. An Article on the Topic
      - https://habr.com/en/post/440610/
  48. Conclusion
  49. Recap
      - Static analysis helps study programming
      - It’s important to use static analysis regularly
      - It’s okay to use static analysis in open-source projects!
  50. A Free PVS-Studio License for Open-Source Project Developers
  51. END. Q&A
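
The “ratcheting” method from slide 45, sketched as a CI gate. This is an added example, not code from the talk or from PVS-Studio; the report format (one `path:line: warning: message` line per finding), the baseline file name and the sample findings are assumptions constructed for illustration.

```python
import json
import re
from pathlib import Path

# Assumed report format: one finding per line, "path:line: warning: message".
FINDING = re.compile(r"^\S+?:\d+:(?:\d+:)?\s*warning:")

def count_findings(report):
    """Number of warning lines in an analyzer report."""
    return sum(1 for line in report.splitlines() if FINDING.match(line.strip()))

def ratchet(baseline_file, report):
    """Compare a report with the committed baseline; return (passed, message)."""
    current = count_findings(report)
    if not baseline_file.exists():
        # First check: record the existing warnings as the starting point.
        baseline_file.write_text(json.dumps({"warnings": current}) + "\n")
        return True, f"baseline created at {current} warnings"
    allowed = json.loads(baseline_file.read_text())["warnings"]
    if current > allowed:
        return False, f"{current} warnings, baseline allows {allowed}"
    if current < allowed:
        # Tighten the ratchet so the fixed warnings cannot creep back.
        baseline_file.write_text(json.dumps({"warnings": current}) + "\n")
        return True, f"baseline tightened from {allowed} to {current}"
    return True, f"unchanged at {current} warnings"

# Constructed sample reports (not output of any real analyzer run).
OLD_REPORT = """\
src/pack.cpp:41: warning: memory allocated with new[] released with delete
src/pack.cpp:42: warning: memory allocated with new[] released with delete
src/md4.c:118: warning: memset of a local buffer may be removed by the compiler
"""
NEW_REPORT = OLD_REPORT + "src/io.c:7: warning: return value of fread is not checked\n"
FIXED_REPORT = "\n".join(OLD_REPORT.splitlines()[2:]) + "\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        base = Path(d) / "analysis-baseline.json"  # hypothetical file name
        for name, rep in [("first", OLD_REPORT), ("pr", NEW_REPORT), ("fix", FIXED_REPORT)]:
            print(name, ratchet(base, rep))
```

A count-only gate lets a change trade one fixed warning for one new warning without failing, so the old findings recorded in the suppress base still need to be reviewed and fixed over time.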
