BY Al Bessey, Ken Block, Ben Chelf, Andy Chou,

Slides:

Advertisements

Similar presentations

Testing and Quality Assurance

Advertisements

ENGLISH A1. DEAR STUDENTS, TO UNIT 2 DURING UNIT 2 YOU WILL STUDY THE FOLLOWING TOPICS: TELLING THE TIME CAN (FOR ABILITIES) SIMPLE PRESENT PRESENT PROGRESSIVE.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Predictor of Customer Perceived Software Quality By Haroon Malik.

CS 501: Software Engineering Fall 2000 Lecture 27 Software Engineering as Engineering.

Software Engineering COMP 201

CS351 © 2003 Ray S. Babcock Software Testing What is it?

Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler, Benjamin Chelf, Andy Chow, Seth Hallem Computer Systems.

1 Chapter 1 Software and Software Engineering Software Engineering: A Practitioner’s Approach, 6th edition by Roger S. Pressman.

Project Life Cycle Jon Ivins DMU. Introduction n Projects consist of many separate components n Constraints include: time, costs, staff, equipment n Assets.

MULTIVIE W Checking System Rules Using System-Specific, Program-Written Compiler Extensions Paper: Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Introduction to Software Engineering CS-300 Fall 2005 Supreeth Venkataraman.

Static/Dynamic Analysis Tools Alex Aiken David Evans Dawson Engler Henny Sipma Scott McPeak Klaus Havelund Yuan Yu.

Introduction to Agile Methodologies and Concepts Roy Osherove Principal, Team Agile Blog : ISerializable.com.

Profile and a quick introduction Software Engineering: ) هندسة البرمجيات (in Arabic: is the branch of computer science Designed to develop a set rules.

Liang, Introduction to Java Programming, Sixth Edition, (c) 2007 Pearson Education, Inc. All rights reserved Chapter 12 Object-Oriented.

CO1301: Games Concepts Dr Nick Mitchell (Room CM 226) Material originally prepared by Laurent Noel.

M.Ellis 17th August MICE Software School Aims Course content –Management –Specifications –Design –Production –Testing –Use Information –Operation.

Parser-Driven Games Tool programming © Allan C. Milne Abertay University v

DBPD: A Dynamic Birthmark-based Software Plagiarism Detection Tool

From Quality Control to Quality Assurance…and Beyond Alan Page Microsoft.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.

Software Construction Lecture 18 Software Testing.

1 Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions Dawson Engler Benjamin Chelf Andy Chou Seth Hallem Stanford University.

1 Topics for this Lecture Build systems Static analysis.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.

Software Maintenance Speaker: Jerry Gao Ph.D. San Jose State University URL: Sept., 2001.

Design time and Run time Chris, Andrea, Martina, Henry, Antonio, Ole, Philippe, Hartmut, Anne, Jeff, Felix, Sebastian, Kurt.

Introduction to MATLAB Northeastern University: College of Computer and Information Science Co-op Preparation University (CPU) 10/20/2003.

CS223: Software Engineering Lecture 2: Introduction to Software Engineering.

MTA EXAM Software Testing Fundamentals : OBJECTIVE 6 Automate Software Testing.

Software Quality Assurance and Testing Fazal Rehman Shamil.

Software Development Introduction

What is a software? Computer Software, or just Software, is the collection of computer programs and related data that provide the instructions telling.

Applying Adaptive Software Development (ASD) Agile Modeling on Predictive Data Mining Applications: ASD-DM Methodology M. Alnoukari 1 Z.Alzoabi 2 S.Hanna.

1 Software Engineering: A Practitioner’s Approach, 6/e Chapter 1 Introduction to Software Engineering.

Programming Language Basics. What is a Programming Language? “A computer, human-created language used to write instructions for a computer.” “An artificial.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © 2016 Curt Hill Static Code Analysis What it is and does.

Introduction to Software Engineering

CSC 533: Programming Languages Spring 2016

JavaScript/ App Lab Programming:

CSC 533: Programming Languages Spring 2015

Software Testing Lab 1.

How to Test a Complex ERP Application using a Data-Driven Framework

Introduction Edited by Enas Naffar using the following textbooks: - A concise introduction to Software Engineering - Software Engineering for students-

OWASP Static Analysis (SA) Track Goals, Objectives, and Track Roadmap

Introduction to Compiler Construction

Software testing

Why Every Dev. Team Needs Static Analysis

Chapter 8 – Software Testing

CSE 374 Programming Concepts & Tools

Journey of Quality Analysts towards Data Analytics

GSP 215 RANK Lessons in Excellence-- gsp215rank.com.

Introduction Edited by Enas Naffar using the following textbooks: - A concise introduction to Software Engineering - Software Engineering for students-

Types of SQL Commands Farrokh Alemi, PhD

SUDS: An Infrastructure for Creating Bug Detection Tools

Human Complexity of Software

Lesson Objectives Aims Understand how machine code is generated

Synthesizing models with classes for automating code generation

The Scientific Method.

What is Software Testing?

Programming Language Basics

Developing Tools for Game Development:

Software Maintenance Main issues: why maintenance is such an issue

The STARFISH Approach to Product Development

CSE 542: Operating Systems

IPC144 Introduction to Programming Using C Week 2 – Lesson 2

Introduction Software maintenance:

Presentation transcript:

A few Billion Lines of code Later using Static Analysis to find Bugs in the Real World BY Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-gros, Asya Kamsky, Scott McPeak and Dawson Engle

Introduction Coverity is a brand of software development products, consisting primarily of static code analysis and dynamic code analysis tools. How static code analysis was commercialized ? What had to be changed for real world use ? How to adapt to the constant change in requirements ? What was the lesson learnt ?

Lab vs Industry The software was able to find bugs in a large code base easily with few simple analyses and tricks in a lab environment. In the real world, hundreds of programmers use the tool to check hundreds of different code bases. The types of errors, number of false positives, type of build are all different from what is predicted by lab results. The programmers do not know how the tool works, unlike testers in the lab who have a knowledge of the tools’ internal process.

Customer Interaction Two scenarios of customer interaction Initial trial Long term use The trial is a pre-sale demonstration that attempts to show that the tool works well on a potential customer’s code. Sales Engineers educate the customers about the tool. Usually happens over a period of 1 day or 2-3 days if code base is very large

Laws of Bug Finding You can’t check code you don’t see Ability to extract code from build No access to modify build Test Machine You can’t check code you can’t parse No standard compilers

BUGS Myth: More analysis is always good Do bugs matter? No, your tool is broken, that is not a bug Misunderstood errors/bugs are considered as false positives How to handle cluelessness ? Do not change the results after an upgrade Myth: More analysis is always good

QUESTIONS What are the lessons learnt ? How would you commercialize a bug finding tool ? Any experience using a bug finding tool ?

Thank You