How to Profit from Static Analysis
Why it is profitable to use static analysis, and how it solves problems for developers, testers, security researchers and quality managers.
This session gives an overview of static analysis: what it is for, what problems it solves, an overview of the commercial and free tools available as Eclipse plugins (for JDT and CDT), and how to adapt it for the organization to help developers.

Published in: Technology
  1. Elena Laskavaia, Research In Motion, EclipseCon, March 2012
  2. • Use Static Analysis Tools
     • Sell Static Analysis Tools
       ◦ not discussing today
  3. [Chart: profit versus development cost and extra tool cost, compared across the scenarios Before, Ideal, Real, Real II and Real III]
  4. Analysis of source code without running it:
     • Reverse Engineering
     • Bug Detection
     • Refactoring
     • Security
     • Visualization
     • Unused Code
     • Code Style
     • Metrics
     • Code Clones
     • Code Compliance
     • X-Ref
     • Cleanup
  5. Stage                 Bug Life        Cost
     As you type           1 s             1 cent
     Developer build       10 sec          10 cent
     Developer testing     10 min          $3
     SCM check-in          4 h             $10
     Integration build     1 d             $40
     Integration testing   10 days         $200
     In the field          from 30 days    $1000+
     In outer space        3 years         $100 million*

     [Chart: cost on a log scale from 1 to 10000 across the stages Dev Test, Unit Test, QA, User Acc. and Live]
  6. • Finding of bugs for “Free”
     • Detection of security vulnerabilities
     • Enforcement of code style
     • Assistance on software certification and audit
     • Help with testing and regression testing
     • Automation of code review
     • Generation of software metrics trends
  7. • Cost of Tools
     • Installation and Setup
     • Users Training
     • Build Integration and Maintenance
     • Tuning and Customization
     • Problems Triage
  8. • Use maximum of your IDE and compiler
     • If you need external tools, try to pick ONE
     • Evaluate tool before buying
     • Pay for integration
     • Tune it
     • Customize it
  9. • Integrate into existing software lifecycle!
     • Be customizable
     • Hide false positives without code modification
     • Have ability to report new errors only
     • Use adaptive error reporting
     • Auto-correct errors
     • Explain itself well
  10. • Incorrect integration
      • Failure to tune: noise
      • Obscure code
      • Bug in tool
  11. • Developers Workstation
        ◦ Integrated as you type
        ◦ In local build
        ◦ As unit tests
        ◦ As extra “tool” to run on code
  12. • Code Review
        ◦ Bot code reviewer (gives -1 or +1 on review)
      • Commit Hook
        ◦ Veto on code submission
      • Integration Build
        ◦ Send auto-alerts on new bugs
        ◦ Provide trends on sw quality, maintainability, size
      • Run on Demand
        ◦ Audit - FDA, DO-178B, MISRA
        ◦ Find bugs for external triage
  13. • All bugs have to be fixed
      • Free tool means no cost
      • The more tools we buy, the more bugs they find, the better it is for us
      • If we pay for the tools they will find all our bugs
      • Tool just works out of the box
      • Developers love to use a new tool
  14. • Zero Tolerance
      • Warnings are Evil
      • Progressive Exposure
      • Stop the Bleeding
      • Pick ONE tool for bug detection
      • Smart code style
      • Don’t argue, fix the code!
  15. • Buy 5 tools and add another 5 free ones
      • Add all errors directly into bug tracking database
      • Report code style errors instead of auto-correct
      • Enforce obsolete and irrelevant code standards
      • Enable errors that you don’t care about
      • Enable errors which have limited applicability
  16. Type                  How it affects the code                      F.P. Rate   Density
      Programming Errors    Cause Program Misbehaviour                   High        Low
      Code Style            Fail Certification                           Low         High
      Security Violations   Cause security exploits                      High        High
      Unused Code           Bigger Code Footprint                        Low         Med
      Code Clean-up         Visibility Reduction, Poor Maintainability   Low         High
      Performance           Code Executes Slower                         Low         High
  17. Set to Error!
  18. • Finds errors as you type
      • Provides quick fixes
  19. • Maximize gain
        ◦ Figure out what you want
        ◦ Find the right tool(s)
      • Minimize cost
        ◦ Integrate
        ◦ Tune
        ◦ Enforce
        ◦ Educate
      [Chart: Dev. Cost and Profit, Before versus After]
  20. Elena Laskavaia, elaskavaia@qnx.com
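Two of the slides above describe behaviour that can be scripted around any analyzer: a tool should hide false positives without code modification and report new errors only, and it should run as a review bot voting -1 or +1 or as a commit hook that vetoes a submission. The script below is an added example written for this transcript; it is not code from the talk or from any of the tools it mentions. It assumes analyzer output in the common `path:line:col: severity: message [check-id]` form (as gcc, clang and cppcheck emit); the baseline report, the current report, the check names and the suppression rule in it are constructed sample data.

```python
"""Gate for static-analysis output: show only NEW findings, hide suppressed ones.

Added example, not code from the talk or from any analyzer. It assumes the
common 'path:line:col: severity: message [check-id]' output form; all reports,
check names and suppression rules below are constructed sample data.
"""
import fnmatch
import re
from dataclasses import dataclass

# One finding per line; the column and the trailing [check-id] are optional.
LINE_RE = re.compile(
    r"^(?P<path>[^:\s]+):(?P<line>\d+):(?:(?P<col>\d+):)?\s*"
    r"(?P<severity>error|warning|style|performance|portability):\s*"
    r"(?P<message>.*?)(?:\s*\[(?P<check>[\w.\-]+)\])?$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    severity: str
    message: str
    check: str

    def fingerprint(self):
        # No line number: an old finding that merely moved because the code
        # above it changed must not be reported as new.
        return (self.path, self.check, self.message)


def parse_report(text):
    """Parse analyzer output; lines that are not findings (progress, notes) are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        findings.append(Finding(m["path"], int(m["line"]), m["severity"],
                                m["message"].strip(), m["check"] or "unknown"))
    return findings


def is_suppressed(finding, suppressions):
    """suppressions: (check-id glob, path glob) pairs kept in configuration,
    so a false positive is hidden without touching the source code."""
    return any(fnmatch.fnmatch(finding.check, check_glob)
               and fnmatch.fnmatch(finding.path, path_glob)
               for check_glob, path_glob in suppressions)


def new_findings(current, baseline, suppressions):
    """Findings in `current` that are neither suppressed nor already in `baseline`."""
    known = {f.fingerprint() for f in baseline}
    return [f for f in current
            if not is_suppressed(f, suppressions) and f.fingerprint() not in known]


def review_verdict(current_report, baseline_report, suppressions, blocking=("error",)):
    """Return (vote, new findings): vote is -1 (veto) when any new finding has a
    blocking severity, else +1, mirroring a review bot's -1/+1."""
    fresh = new_findings(parse_report(current_report), parse_report(baseline_report), suppressions)
    vote = -1 if any(f.severity in blocking for f in fresh) else 1
    return vote, fresh


# Constructed sample output from the last known-good build (not real project data).
BASELINE_REPORT = """\
src/net/parser.c:42:9: warning: variable 'n' is never used [unusedVariable]
src/net/parser.c:88:5: error: Memory leak: buf [memleak]
src/ui/legacy.c:10:3: style: The scope of the variable 'i' can be reduced [variableScope]
"""

# Constructed sample output for the change under review: the two parser.c
# findings moved down three lines, two findings are new, one new finding is
# suppressed by the rule below, and one line is progress noise.
CURRENT_REPORT = """\
src/net/parser.c:45:9: warning: variable 'n' is never used [unusedVariable]
src/net/parser.c:91:5: error: Memory leak: buf [memleak]
src/net/parser.c:120:12: error: Array 'hdr[16]' accessed at index 16, which is out of bounds [arrayIndexOutOfBounds]
Checking src/ui/legacy.c ...
src/ui/legacy.c:10:3: style: The scope of the variable 'i' can be reduced [variableScope]
src/ui/legacy.c:57:1: warning: Uninitialized variable: rc [uninitvar]
src/ui/legacy.c:63:3: style: The scope of the variable 'j' can be reduced [variableScope]
"""

# Constructed rule: the style check is irrelevant for the legacy UI code.
SUPPRESSIONS = [("variableScope", "src/ui/legacy*")]

if __name__ == "__main__":
    vote, fresh = review_verdict(CURRENT_REPORT, BASELINE_REPORT, SUPPRESSIONS)
    for f in fresh:
        print(f"{f.path}:{f.line}: {f.severity}: {f.message} [{f.check}]")
    print("review bot vote:", "+1" if vote > 0 else "-1")
    raise SystemExit(0 if vote > 0 else 1)  # non-zero exit vetoes the commit
```

Run from a pre-commit hook or a review bot, the exit status is the veto and the printed list is what the reviewer sees: on the sample data only the out-of-bounds access and the uninitialized variable are reported, the two findings that merely moved stay silent, and the vote is -1 because one of the new findings is an error. The `blocking` tuple is where "Progressive Exposure" lives: start with errors only and widen it once the team has stopped the bleeding.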