Top 10 User Mistakes with Static Analysis Sate IV March 2012.
-
Upload
guillermo-mears -
Category
Documents
-
view
215 -
download
2
Transcript of Top 10 User Mistakes with Static Analysis Sate IV March 2012.
![Page 1: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/1.jpg)
Top 10 User Mistakes with Static Analysis
Sate IVMarch 2012
![Page 2: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/2.jpg)
Parasoft Proprietary and Confidential
About Parasoft
Founded in 1987 27+ Patents for automated quality processes Build quality into the process Static Analysis tools since 1994
![Page 3: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/3.jpg)
What IS Static Analysis?
Variety of methods Peer Review / Manual Code Review / Code Inspection Pattern-based code scanners Flow-based code scanners Metrics-based code scanners Compiler / build output
Parasoft Proprietary and Confidential
![Page 4: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/4.jpg)
Number 10: Developers
10) Developers not included in process evolution Developer Insights
Rules / Issues drive need Workflow Usability Correctness / Noise
Will our engineers really adopt it and use it? Is this a long-term solution?
Parasoft Proprietary and Confidential
![Page 5: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/5.jpg)
Code Analysis Perceptions
“Static analysis is a pain” False positives has varying definitions
I don’t like it It was wrong
Parasoft Proprietary and Confidential
![Page 6: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/6.jpg)
Pattern based false positives
True false positives generally rule deficiency Context
Does this apply here and now? In-code suppressions to document decision
Parasoft Proprietary and Confidential
![Page 7: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/7.jpg)
Flow Analysis False Positives
False positives are inevitable Finds real bugs Flow analysis is not comprehensive
Parasoft Proprietary and Confidential
![Page 8: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/8.jpg)
Number 9: Expectations
9) Wrong expectations Why do static analysis?
Because it’s the right thing? Increase quality? Decrease costs? Reduce development time?
Flow analysis is enough When will it pay-off? How can I tell it’s paying off?
Parasoft Proprietary and Confidential
![Page 9: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/9.jpg)
Number 8: Approach
8) Taking an audit approach Running SA on all your code (Don’t) It’s all about the reports (Or is it?)
Parasoft Proprietary and Confidential
![Page 10: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/10.jpg)
Number 7: Too Much
7) Starting with too many rules Static Analysis is about process It’s incremental Avoid biting off more than you can chew Avoid any rule you won’t stop the build for
Parasoft Proprietary and Confidential
![Page 11: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/11.jpg)
Don’t Get Run Over
Same set of rules for everyone Small set of rules Less rules that are followed is better than more
that are not If you wouldn’t fix it, don’t check for it
Parasoft Proprietary and Confidential
![Page 12: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/12.jpg)
Number 6: Workflow
6) Workflow integration Has to work with your development UI Same configuration for desktop and server Minimize negative impact Minimize time to find / fix violations
Parasoft Proprietary and Confidential
![Page 13: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/13.jpg)
Parasoft Proprietary and Confidential
Results within IDE
1 Results delivered as uniform view within IDE
2 Directly access line of code to fix
3 Check-in
![Page 14: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/14.jpg)
Number 5: Training
5) Lack of sufficient training How to install the tool How to configure the tool How to setup the build How to run the tool How to mitigate violations How/when to suppress
Parasoft Proprietary and Confidential
![Page 15: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/15.jpg)
Number 4: Process
4) No defined process Developers are not necessarily process experts Process should minimize impact of SA Consistent for teams and projects Vetted in a pilot project
Parasoft Proprietary and Confidential
![Page 16: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/16.jpg)
Number 3: Automation
3) No automated process enforcement Reduce effort Consistency Compliance
Parasoft Proprietary and Confidential
![Page 17: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/17.jpg)
Number 2: Policy
2) Lack of a clear policy What teams need to do SA? What projects require SA? What rules are required? What amount of compliance? When can you suppress? How to handle legacy code? Do you ship with SA violations?
Parasoft Proprietary and Confidential
![Page 18: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/18.jpg)
Number 1: Management
1) Lack of management buy-in Requirements Allowed time Understanding of the ROI Enforcement
Parasoft Proprietary and Confidential
![Page 19: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/19.jpg)
The Whole Top 10
10) Developers not included in process evolution 9) Wrong expectations 8) Taking an audit approach 7) Starting with too many rules 6) Workflow integration 5) Lack of sufficient training 4) No defined process 3) No automated process enforcement 2) Lack of a clear policy 1) Lack of management buy-in
Parasoft Proprietary and Confidential
![Page 20: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/20.jpg)
Honorable Mention: The Wrong Stuff
Wrong Tool Wrong Process
Email reports Blocking Painful CI workflow
Wrong Rules Unimportant rules Too many rules
Wrong Code Legacy strategy Don’t test what you won’t / can’t change
Parasoft Proprietary and Confidential
![Page 21: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/21.jpg)
Honorable Mention: What’s Lacking
Lack of management buy-in The edict Allowed time & budget
Lack of development buy-in Willful non-compliance
Lack of training
Parasoft Proprietary and Confidential
![Page 22: Top 10 User Mistakes with Static Analysis Sate IV March 2012.](https://reader033.fdocuments.us/reader033/viewer/2022051819/55163c6c550346a2308b64af/html5/thumbnails/22.jpg)
Q&A / Further Reading
Parasoft Proprietary and Confidential
Automated Defect Prevention (Huizinga & Kolawa)
…Principles and processes to improve the software development process.
Effective C++ / More Effective C++ (Meyers)…Definitive work on proper C++ design and programming.
Effective Java (Bloch)
…Best-practice solutions for programming challenges.
Design Patterns (Gamma, Helm, Johnson, Vlissides)
…Timeless and elegant solutions to common problems.