Andrey Karpov, profile picture
Uploaded byAndrey Karpov
PPTX, PDF61 views

The Use of Static Code Analysis When Teaching or Developing Open-Source Software

The document discusses using static code analysis when teaching or developing open-source software. It outlines how static analysis can help instructors check student homework and projects more efficiently, and help students learn about error patterns. When using static analysis for open-source projects, it recommends integrating it into developers' workflows locally and via continuous integration systems. Regular use is key to maximizing its benefits for finding and fixing bugs.

Download to read offline
The Use of Static Code Analysis When Teaching or Developing Open-Source Software Presenter: George Gribkov
1. Static analysis: short overview 2. Use of static analysis at colleges and universities 3. Use of static analysis in student and open projects Contents 2
Static Analysis: Short Overview 3
 Write correct code  Unit tests  Regression testing  Code review  …is there some other way?  Yes! For example – tools for automated analysis. How to Improve Code Quality 4
 Static analysis tools: check code when it’s not executed  Dynamic analysis tools: check code when it’s being executed Automated Code Analysis Tools 5  Both approaches compliment each other very well.
Cost to Fix a Bug 6
 Issues false positives  Difficulties with multithreading  Does not eliminate the need for code review Static Analysis Disadvantages 7
 Covers the entire code  Significantly faster than dynamic code analysis  More convenient for large projects Static Analysis Advantages 8
 Can check code style or whether the code complies with a coding standard (MISRA, AUTOSAR C++)  Easy to use  Helps developers learn and teach Static Analysis Advantages 9
Use of Static Analysis at Colleges and Universitites 10
 Helps check homework  Helps check final projects  Saves instructors’ time For Instructors 11
 Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 12
Pattern Examples (Vangers) 13 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; delete p1; }
Pattern Examples (Vangers) 14 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; // <= delete p1; // <= }
Pattern Examples (Vangers) 15 void aciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete [] p; delete [] p1; }
Pattern Examples (Apache HTTP Server) 16 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); }
Pattern Examples (Apache HTTP Server) 17 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); // <= }
Pattern Examples (Apache HTTP Server) 18 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset_s(x, 0, sizeof(x)); } *Or use the following flag: -fno-builtin-memset!
 Provides a chance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 19
Use of Static Analysis in Student and Open Projects 20
 Static analysis provides its maximum benefit only when used regularly! Regular Use is the Main Thing 21
Regular Use is the Main Thing 22
Efficient Static Analyzers 23 • PVS-Studio • Clang Static Analyzer • Cppcheck • Infer • IntelliJ IDEA • FindBugs • ... • A detailed list of static analyzers:
1. A classic development scenario (in office) 2. Developing student and open-source projects Introducing Analysis 24
 Locally on developers’ computer (plugins for IDE, compilation monitoring system) A Typical Scenario 25
 Continuous integration systems (command-line utilities, plugins for CI systems, monitoring systems) A Typical Scenario 26
A Typical Scenario 27
What’s the difference? Student and Open-Source Projects 28
A Typical Scenario 29
Student and Open-Source Projects 30
Student and Open-Source Projects 31
Student and Open-Source Projects 32
Student and Open-Source Projects 33
Using an Analyzer on Open-Source Projects 34
Using an Analyzer on Open-Source Projects 35
How to Analyze Community Contribution? 36
What to Do After the First Check? 37
Using an Analyzer on Open-Source Projects 38
Using an Analyzer on Open-Source Projects 39
Pull Request Analysis 40
How to Analyze Community Contribution? 41
 Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 42
 Suppress bases are a mass suppression tool for the analyzer’s warnings. After the First Check 43
 Hide old errors – keep up the normal pace  See only the latest warnings starting from this moment  Get immediate benefits from the analyzer  Do not forget about the old errors! Come back and fix them one-by-one. The Purpose of Suppress Bases 44
 A very convenient approach: the “ratcheting” method  The number of errors in the base is committed to the repository.  Changes are allowed only when they do not increase the total number of errors. How to Work with Suppress Base 45
How to Work with Suppress Base 46
 https://habr.com/en/post/440610/ An Article on the Topic 47
Conclusion 48
 Static analysis helps study programming  It’s important to use static analysis regularly  It’s okay to use static analysis in open-source projects! Recap 49
A Free PVS-Studio License for Open-Source Project Developers 50
END Q&A51

More Related Content

PDF
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
byIosif Itkin
 
PDF
TMPA-2017: Vellvm - Verifying the LLVM
byIosif Itkin
 
PDF
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...
byIosif Itkin
 
PDF
TMPA-2015: A Need To Specify and Verify Standard Functions
byIosif Itkin
 
PDF
Cppcheck
byPVS-Studio
 
PPTX
Reverse Engineering automation
byPositive Hack Days
 
PDF
TMPA-2017: Evolutionary Algorithms in Test Generation for digital systems
byIosif Itkin
 
PPT
Testing
bySteve Loughran
 
TMPA-2015: The Application of Parameterized Hierarchy Templates for Automated...
byIosif Itkin
 
TMPA-2017: Vellvm - Verifying the LLVM
byIosif Itkin
 
TMPA-2017: Regression Testing with Semiautomatic Test Selection for Auditing ...
byIosif Itkin
 
TMPA-2015: A Need To Specify and Verify Standard Functions
byIosif Itkin
 
Cppcheck
byPVS-Studio
 
Reverse Engineering automation
byPositive Hack Days
 
TMPA-2017: Evolutionary Algorithms in Test Generation for digital systems
byIosif Itkin
 
Testing
bySteve Loughran
 

What's hot

PDF
Symbolic Execution (introduction and hands-on)
byEmilio Coppa
 
PPTX
Loops in c
byshubhampandav3
 
PDF
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
byAndrey Karpov
 
PPT
Code Analysis-run time error prediction
byNIKHIL NAWATHE
 
PPTX
Static analysis
byGowriLatha1
 
PDF
Search-driven String Constraint Solving for Vulnerability Detection
byLionel Briand
 
PDF
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
byDacong (Tony) Yan
 
PPTX
IEEE SCAM 2017 Revisiting Exception Handling Practices with Exception Flow An...
byGui Padua
 
PPT
Templates exception handling
bysanya6900
 
PPT
9781285852744 ppt ch14
byTerry Yoast
 
PPTX
Extending C# with Roslyn and Code Aware Libraries
byCarlo Pescio
 
PPT
Unit iii
bysnehaarao19
 
PDF
Mock object
byHiroyuki Ohnaka
 
PDF
Java 8 - Lambdas and much more
byAlin Pandichi
 
PPTX
STAMP
bySaswat Anand
 
PPTX
C programming language tutorial
byDr. SURBHI SAROHA
 
PPT
Storage classes
byShanmughaneethi Velu
 
DOCX
Qtp certification questions2
byRamu Palanki
 
PPTX
C language (Part 2)
byDr. SURBHI SAROHA
 
PDF
Headache from using mathematical software
byPVS-Studio
 
Symbolic Execution (introduction and hands-on)
byEmilio Coppa
 
Loops in c
byshubhampandav3
 
Program errors occurring while porting C++ code from 32-bit platforms on 64-b...
byAndrey Karpov
 
Code Analysis-run time error prediction
byNIKHIL NAWATHE
 
Static analysis
byGowriLatha1
 
Search-driven String Constraint Solving for Vulnerability Detection
byLionel Briand
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
byDacong (Tony) Yan
 
IEEE SCAM 2017 Revisiting Exception Handling Practices with Exception Flow An...
byGui Padua
 
Templates exception handling
bysanya6900
 
9781285852744 ppt ch14
byTerry Yoast
 
Extending C# with Roslyn and Code Aware Libraries
byCarlo Pescio
 
Unit iii
bysnehaarao19
 
Mock object
byHiroyuki Ohnaka
 
Java 8 - Lambdas and much more
byAlin Pandichi
 
STAMP
bySaswat Anand
 
C programming language tutorial
byDr. SURBHI SAROHA
 
Storage classes
byShanmughaneethi Velu
 
Qtp certification questions2
byRamu Palanki
 
C language (Part 2)
byDr. SURBHI SAROHA
 
Headache from using mathematical software
byPVS-Studio
 

Similar to The Use of Static Code Analysis When Teaching or Developing Open-Source Software

PPTX
Does static analysis need machine learning?
byAndrey Karpov
 
PPT
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
byRahithAhsan1
 
PPTX
The operation principles of PVS-Studio static code analyzer
byAndrey Karpov
 
PPTX
PVS-Studio and static code analysis technique
byAndrey Karpov
 
PDF
Reducing Redundancies in Multi-Revision Code Analysis
bySebastiano Panichella
 
PPTX
Introduction to White box testing
byAliaa Monier Ismaail
 
PDF
Skiron - Experiments in CPU Design in D
byMithun Hunsur
 
PPTX
Static analysis works for mission-critical systems, why not yours?
byRogue Wave Software
 
PPTX
Code instrumentation
byBryan Reinero
 
PDF
Fuzzing - Part 2
byUTD Computer Security Group
 
PDF
What’s eating python performance
byPiotr Przymus
 
PPT
01SoftwEng.pptInnovation technology pptInnovation technology ppt
bysultanahimed3
 
PPTX
SE2023 0401 Software Coding and Testing.pptx
byBharat Chawda
 
PPTX
Physics lab ppt for btech students in engineetin
bysunkaraasharani
 
PPTX
Static code analysis: what? how? why?
byAndrey Karpov
 
PDF
Online Machine Learning: introduction and examples
byFelipe
 
PPSX
Ds03 part i algorithms by jyoti lakhani
byjyoti_lakhani
 
PPT
5.Black Box Testing and Levels of Testing.ppt
bySyedAhmad732853
 
PDF
More about PHP
byJonathan Francis Roscoe
 
PPT
ch01-basic-java-programs.ppt
byMahyuddin8
 
Does static analysis need machine learning?
byAndrey Karpov
 
CS2006Ch02A.ppt dfxgbfdcgbhfcdhbfdcbfdcgfdg
byRahithAhsan1
 
The operation principles of PVS-Studio static code analyzer
byAndrey Karpov
 
PVS-Studio and static code analysis technique
byAndrey Karpov
 
Reducing Redundancies in Multi-Revision Code Analysis
bySebastiano Panichella
 
Introduction to White box testing
byAliaa Monier Ismaail
 
Skiron - Experiments in CPU Design in D
byMithun Hunsur
 
Static analysis works for mission-critical systems, why not yours?
byRogue Wave Software
 
Code instrumentation
byBryan Reinero
 
Fuzzing - Part 2
byUTD Computer Security Group
 
What’s eating python performance
byPiotr Przymus
 
01SoftwEng.pptInnovation technology pptInnovation technology ppt
bysultanahimed3
 
SE2023 0401 Software Coding and Testing.pptx
byBharat Chawda
 
Physics lab ppt for btech students in engineetin
bysunkaraasharani
 
Static code analysis: what? how? why?
byAndrey Karpov
 
Online Machine Learning: introduction and examples
byFelipe
 
Ds03 part i algorithms by jyoti lakhani
byjyoti_lakhani
 
5.Black Box Testing and Levels of Testing.ppt
bySyedAhmad732853
 
More about PHP
byJonathan Francis Roscoe
 
ch01-basic-java-programs.ppt
byMahyuddin8
 

More from Andrey Karpov

PDF
60 антипаттернов для С++ программиста
byAndrey Karpov
 
PDF
60 terrible tips for a C++ developer
byAndrey Karpov
 
PPTX
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
byAndrey Karpov
 
PDF
PVS-Studio in 2021 - Error Examples
byAndrey Karpov
 
PDF
PVS-Studio in 2021 - Feature Overview
byAndrey Karpov
 
PDF
PVS-Studio в 2021 - Примеры ошибок
byAndrey Karpov
 
PDF
PVS-Studio в 2021
byAndrey Karpov
 
PPTX
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
byAndrey Karpov
 
PPTX
Best Bugs from Games: Fellow Programmers' Mistakes
byAndrey Karpov
 
PPTX
Typical errors in code on the example of C++, C#, and Java
byAndrey Karpov
 
PPTX
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
byAndrey Karpov
 
PPTX
Game Engine Code Quality: Is Everything Really That Bad?
byAndrey Karpov
 
PPTX
C++ Code as Seen by a Hypercritical Reviewer
byAndrey Karpov
 
PPTX
Static Code Analysis for Projects, Built on Unreal Engine
byAndrey Karpov
 
PPTX
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
PPTX
The Great and Mighty C++
byAndrey Karpov
 
PDF
Zero, one, two, Freddy's coming for you
byAndrey Karpov
 
PDF
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
byAndrey Karpov
 
PDF
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
byAndrey Karpov
 
PDF
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
byAndrey Karpov
 
60 антипаттернов для С++ программиста
byAndrey Karpov
 
60 terrible tips for a C++ developer
byAndrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
byAndrey Karpov
 
PVS-Studio in 2021 - Error Examples
byAndrey Karpov
 
PVS-Studio in 2021 - Feature Overview
byAndrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
byAndrey Karpov
 
PVS-Studio в 2021
byAndrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
byAndrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
byAndrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
byAndrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
byAndrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
byAndrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
byAndrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
byAndrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
The Great and Mighty C++
byAndrey Karpov
 
Zero, one, two, Freddy's coming for you
byAndrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
byAndrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
byAndrey Karpov
 
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
byAndrey Karpov
 

Recently uploaded

PPTX
UNIT -1 INTRODUCTION OF PSYCHOLOGY IN GNM.pptx
byPoojaSen20
 
PDF
New Frontier-Cultivating Discipleship in an AI-Driven World.pdf
bySr Nancy Usselmann
 
PDF
2025 Bonner Congress Strategy Session– Student Leadership Bonner and Beyond.pdf
byBonner Foundation
 
PDF
Political conditions in 6th cent BCE: Mahajanpadas and Republics
byPrachiSontakke5
 
PPTX
02-Session-1.b_Understanding-the-ARAL-Reading-Program (1).pptx
byKimberlyAnnCastroVit
 
PDF
Forsyth Tech's new mission, vision, values, and North Star
byMebane Rash
 
PPTX
QUARTER TWO MATATAG CURRICULUM PE AND HEALTH
byhitpreeman122
 
PDF
Function of Words in Context_V-N-ADJ-ADV.pdf
byNetziValdelomar1
 
PDF
Transformation Framework for Transitioning Traditional Universities to Online...
byLeonel Morgado
 
PPTX
Staircase: Types, Design & Indian Standards
byMrunali Vasava
 
PPTX
PPT-Session-Slides-of-National-Orientation-on-DO-24-s.-2025.pptx
byElmabethDelaCruz2
 
PDF
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
PPTX
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
PDF
BPH - SEM - III, STATE OF MATTER - UNIT II - PP - I.pdf
byMr. SAKHARE R. S.
 
DOCX
Mid-Year-Review-Form school year 2025-2026
byCATHERINENIEVES3
 
PPTX
SCOPE OF NURSING. pptx
byAneetaSharma15
 
PDF
2025 Bonner Congress Opening Engage Now.pdf
byBonner Foundation
 
PPTX
Historical Development and Evolution of Indian Knowledge system
byBanaras Hindu University
 
PPTX
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
PDF
Writing Against Empire, An Interview.pdf
byyalehistoricalreview
 
UNIT -1 INTRODUCTION OF PSYCHOLOGY IN GNM.pptx
byPoojaSen20
 
New Frontier-Cultivating Discipleship in an AI-Driven World.pdf
bySr Nancy Usselmann
 
2025 Bonner Congress Strategy Session– Student Leadership Bonner and Beyond.pdf
byBonner Foundation
 
Political conditions in 6th cent BCE: Mahajanpadas and Republics
byPrachiSontakke5
 
02-Session-1.b_Understanding-the-ARAL-Reading-Program (1).pptx
byKimberlyAnnCastroVit
 
Forsyth Tech's new mission, vision, values, and North Star
byMebane Rash
 
QUARTER TWO MATATAG CURRICULUM PE AND HEALTH
byhitpreeman122
 
Function of Words in Context_V-N-ADJ-ADV.pdf
byNetziValdelomar1
 
Transformation Framework for Transitioning Traditional Universities to Online...
byLeonel Morgado
 
Staircase: Types, Design & Indian Standards
byMrunali Vasava
 
PPT-Session-Slides-of-National-Orientation-on-DO-24-s.-2025.pptx
byElmabethDelaCruz2
 
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
BPH - SEM - III, STATE OF MATTER - UNIT II - PP - I.pdf
byMr. SAKHARE R. S.
 
Mid-Year-Review-Form school year 2025-2026
byCATHERINENIEVES3
 
SCOPE OF NURSING. pptx
byAneetaSharma15
 
2025 Bonner Congress Opening Engage Now.pdf
byBonner Foundation
 
Historical Development and Evolution of Indian Knowledge system
byBanaras Hindu University
 
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
Writing Against Empire, An Interview.pdf
byyalehistoricalreview
 

The Use of Static Code Analysis When Teaching or Developing Open-Source Software

  • 1.
    The Use ofStatic Code Analysis When Teaching or Developing Open-Source Software Presenter: George Gribkov
  • 2.
    1. Static analysis:short overview 2. Use of static analysis at colleges and universities 3. Use of static analysis in student and open projects Contents 2
  • 3.
  • 4.
     Write correctcode  Unit tests  Regression testing  Code review  …is there some other way?  Yes! For example – tools for automated analysis. How to Improve Code Quality 4
  • 5.
     Static analysistools: check code when it’s not executed  Dynamic analysis tools: check code when it’s being executed Automated Code Analysis Tools 5  Both approaches compliment each other very well.
  • 6.
    Cost to Fixa Bug 6
  • 7.
     Issues falsepositives  Difficulties with multithreading  Does not eliminate the need for code review Static Analysis Disadvantages 7
  • 8.
     Covers theentire code  Significantly faster than dynamic code analysis  More convenient for large projects Static Analysis Advantages 8
  • 9.
     Can checkcode style or whether the code complies with a coding standard (MISRA, AUTOSAR C++)  Easy to use  Helps developers learn and teach Static Analysis Advantages 9
  • 10.
    Use of StaticAnalysis at Colleges and Universitites 10
  • 11.
     Helps checkhomework  Helps check final projects  Saves instructors’ time For Instructors 11
  • 12.
     Provides achance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 12
  • 13.
    Pattern Examples (Vangers) 13 voidaciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; delete p1; }
  • 14.
    Pattern Examples (Vangers) 14 voidaciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete p; // <= delete p1; // <= }
  • 15.
    Pattern Examples (Vangers) 15 voidaciPackFile(....) { int sz,sz1; char *p,*p1; .... p = new char[sz]; p1 = new char[sz1]; .... delete [] p; delete [] p1; }
  • 16.
    Pattern Examples (ApacheHTTP Server) 16 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); }
  • 17.
    Pattern Examples (ApacheHTTP Server) 17 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset(x, 0, sizeof(x)); // <= }
  • 18.
    Pattern Examples (ApacheHTTP Server) 18 static void MD4Transform( apr_uint32_t state[4], const unsigned char block[64]) { apr_uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[APR_MD4_DIGESTSIZE]; .... /* Zeroize sensitive information. */ memset_s(x, 0, sizeof(x)); } *Or use the following flag: -fno-builtin-memset!
  • 19.
     Provides achance to learn a new approach  Helps with self-study and problem solving  Facilitates development  Shows and helps study error patterns For Students 19
  • 20.
    Use of StaticAnalysis in Student and Open Projects 20
  • 21.
     Static analysisprovides its maximum benefit only when used regularly! Regular Use is the Main Thing 21
  • 22.
    Regular Use isthe Main Thing 22
  • 23.
    Efficient Static Analyzers 23 •PVS-Studio • Clang Static Analyzer • Cppcheck • Infer • IntelliJ IDEA • FindBugs • ... • A detailed list of static analyzers:
  • 24.
    1. A classicdevelopment scenario (in office) 2. Developing student and open-source projects Introducing Analysis 24
  • 25.
     Locally ondevelopers’ computer (plugins for IDE, compilation monitoring system) A Typical Scenario 25
  • 26.
     Continuous integrationsystems (command-line utilities, plugins for CI systems, monitoring systems) A Typical Scenario 26
  • 27.
  • 28.
    What’s the difference? Studentand Open-Source Projects 28
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
    Using an Analyzeron Open-Source Projects 34
  • 35.
    Using an Analyzeron Open-Source Projects 35
  • 36.
    How to AnalyzeCommunity Contribution? 36
  • 37.
    What to DoAfter the First Check? 37
  • 38.
    Using an Analyzeron Open-Source Projects 38
  • 39.
    Using an Analyzeron Open-Source Projects 39
  • 40.
  • 41.
    How to AnalyzeCommunity Contribution? 41
  • 42.
     Suppress basesare a mass suppression tool for the analyzer’s warnings. After the First Check 42
  • 43.
     Suppress basesare a mass suppression tool for the analyzer’s warnings. After the First Check 43
  • 44.
     Hide olderrors – keep up the normal pace  See only the latest warnings starting from this moment  Get immediate benefits from the analyzer  Do not forget about the old errors! Come back and fix them one-by-one. The Purpose of Suppress Bases 44
  • 45.
     A veryconvenient approach: the “ratcheting” method  The number of errors in the base is committed to the repository.  Changes are allowed only when they do not increase the total number of errors. How to Work with Suppress Base 45
  • 46.
    How to Workwith Suppress Base 46
  • 47.
  • 48.
  • 49.
     Static analysishelps study programming  It’s important to use static analysis regularly  It’s okay to use static analysis in open-source projects! Recap 49
  • 50.
    A Free PVS-StudioLicense for Open-Source Project Developers 50
  • 51.