Pump Up Your Technical Knowledge
Listen and watch as industry luminaries bring you the latest on Java technologies
Static analysis tools can examine your code without executing it and find code quality problems you'll want to pay attention to. These tools have moved far beyond lint and complaining about not using curly braces in your if statements. They can find things such as statements that are guaranteed to dereference a null pointer if executed, methods that do nothing but invoke themselves again and again in an infinite recursive loop, SQL injection, and many other serious programming faults. Some of the faults these tools find in production software are straightforward; others are programming-puzzler-worthy. In fact, many of Joshua Bloch and Neal Gafter's programming puzzlers can be detected by static analysis, including a puzzler bug Bloch and Gafter inadvertently introduced into one of the solutions provided in their book. This session discusses primarily FindBugs, an open source tool for finding defects in Java technology-based programs. It covers the kinds of errors it finds and gives examples of bugs found by FindBugs in production software. Generally, FindBugs finds a serious issue every several thousand lines of code. FindBugs reports more than 450 serious correctness warnings in Sun's JDK software, and the speakers' own auditing and experience have shown that the substantial majority of those warnings correspond to coding defects that should be fixed. The presentation also discusses how to integrate static analysis into your development process, including issues such as false-positive suppression; rule filtering; auditing; and differential analysis, such as getting a report of just the warnings that have been introduced since the last release to customers. Anyone with a working knowledge of the Java programming language will be able to understand the issues and defects this session discusses, but even the most seasoned veterans will find the information both interesting and dismaying. 
Also briefly discussed are the status of JSR 305, Annotations for Software Defect Detection, and other static analysis tools such as Jackpot, PMD, and the static analysis built into Eclipse and IntelliJ.
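The three fault classes the abstract names (a guaranteed null dereference, an infinite recursive loop, and SQL injection), each next to a corrected form. This is an added Java example, not code from the session or from FindBugs; the class, method, table and column names are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Constructed class: every name here is hypothetical, chosen for illustration.
public class DefectExamples {
    private String name = "example";

    // Defect: on the branch where s is known to be null, s is dereferenced.
    static int lengthDefect(String s) {
        if (s == null) {
            return s.length();   // always throws NullPointerException if reached
        }
        return s.length();
    }
    static int lengthFixed(String s) {
        return (s == null) ? 0 : s.length();
    }

    // Defect: the getter calls itself instead of returning the field.
    public String getNameDefect() {
        return getNameDefect();  // unconditional self-call ends in StackOverflowError
    }
    public String getName() {
        return name;
    }

    // Defect: caller-supplied text is concatenated into the SQL statement.
    static boolean userExistsDefect(Connection c, String user) throws SQLException {
        try (Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(
                 "SELECT id FROM users WHERE name = '" + user + "'")) {
            return rs.next();
        }
    }

    // Fixed: constant SQL text, with the value passed as a bound parameter.
    static boolean userExistsFixed(Connection c, String user) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                 "SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

All three defect methods compile cleanly, which is why they survive into production code until an analysis pass or a runtime failure exposes them.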