SlideShare a Scribd company logo

How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)

Download as PPTX, PDF
Andrey Karpov
Andrey Karpov

How to fight bugs in legacy code? Should you do it at all? What to do if there are hundreds or even thousands of errors? (that’s usually the case) How to avoid spending a plethora of man-hours on this? And still, how did you work with Unreal Engine?

Software
1 of 90
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4) George Gribkov
About Me: George Gribkov A C++ developer and developer of the PVS- Studio static code analyzer I help our clients fight errors I write articles on looking for bugs in open-source projects. gribkov@viva64.com 2
 How to fight bugs in legacy code? Overview 3
 How to fight bugs in legacy code?  Should you do it at all? Overview 4
 How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? Overview 5
 How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case) Overview 6
 How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case)  How to avoid spending a plethora of man-hours on this? Overview 7
 How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case)  How to avoid spending a plethora of man-hours on this?  And still, how did you work with Unreal Engine? Overview 8
Fighting Bug in Legacy Code 9
Should You Fight Bugs in Legacy Code? 10
11 YES!
 Old bugs are still bugs  Old vulnerabilities are still vulnerabilities  A charged gun will shoot you in the foot eventually Why? 12
13 Ariane 4
14 14 Ariane 4 113 successful launches
15 15 Ariane 5
16 16 Ariane 5 370 000 000 $ blown up!
 Unit testing  Integration testing  System testing  … Ways to Look for Bugs 17
 Unit testing  Integration testing  System testing  …  Dynamic analysis  Static analysis Ways to Look for Errors 18
 Unit testing  Integration testing  System testing  …  Dynamic analysis  Static analysis Ways to Look for Errors 19
Static analysis is an automatic code review procedure. What is Static Analysis? 20
How Does It Help? 21
How Does It Help? 22 Static analysis
23 Wait, Wait…
Oh No! 24 Legacy’s somewhere here!!!
1. Set up continuous analysis 2. 3. What’s a Good Way to Deal With Old Bugs? 25
1. Set up continuous analysis 2. Protect yourself from new bugs 3. What’s a Good Way to Deal With Old Bugs? 26
1. Set up continuous analysis 2. Protect yourself from new bugs 3. Gradually go through the analyzer’s report line- by-line, making sure to spend few resources each time. What’s a Good Way to Deal With Old Bugs? 27
How Our Two Developers Fixed 2000 Bugs, That Our Analyzer Reported in Unreal Engine 4, in 17 Business Days 28
29 How It Started
 My boss found errors in UE 4 and wrote an article  Developers from Epic Games liked it a lot  They wanted to fix more bugs and trusted that matter to us How It Started 30
31 Take One (Or How We Got Our Asses Kicked)
 The most convenient approach: check the project through Visual Studio  Luckily, UE has a set of scripts to generate .vcxproj files The First Check 32
1.Generate project files 2.Build the project 3.Start the analysis from Visual Studio 4.??????? 5. The First Analysis Attempt 33
1.Generate project files 2.Build the project 3.Start the analysis from Visual Studio 4.??????? 5.EPIC GAMES FAIL The First Analysis Attempt 34
 Generated project files are just a wrapper  These wrappers call the Unreal Build Tool  Unreal Build Tool starts cl.exe (or clang, for Linux builds) How the Unreal Engine Project Is Built 35
 Generated project files are just a wrapper  These wrappers call the Unreal Build Tool  Unreal Build Tool starts cl.exe (or clang, for Linux builds)  Because of all these layers the analyzer cannot collect the parameters required for compilation How Unreal Engine Project Is Built 36
37 Take Two (Or How We Did Everything Right)
 What if we try to catch compiler calls directly? The Second Check 38
 What if we try to catch compiler calls directly?  It’s pretty fortunate that we have a special utility that can monitor compilation The Second Check 39
The Second Analysis Attempt 40 1. Start the compilation monitoring utility before building the project 2. The utility collects all the required data 3. Right after that’s done, the analysis starts 4. ??????? 5.
1. Start the compilation monitoring utility before building the project 2. The utility collects all the required data 3. Right after that’s done, the analysis starts 4. ??????? 5. EPIC WIN!!! The Second Analysis Attempt 41
42 Analysis Results
Analysis Results 43  1192 top-level warnings (Level 1)  629 second-level warnings (Level 2)  1821 warnings in total (Level 3 not included)
44 44
Why Is It Typical to Get Thousands of Warnings? 45  Notepad++ – 5 241 warnings
Why Is It Typical to Get Thousands of Warnings? 46  WinMerge – 8 786 warnings
Why Is It Typical to Get Thousands of Warnings? 47  Media Player Classic Home Cinema – 33 370 warnings
48 So What’s Next?
How to Process Old Errors 49 1. Set up your development process so that it involves continuous analysis
1. Continuous Analysis 50
1. Continuous Analysis 51
1. Continuous Analysis 52
1. Continuous Analysis 53
1. Continuous Analysis 54
1. Continuous Analysis 55
1. Continuous Analysis 56
1. Continuous Analysis 57
How to Process Old Errors 58 1. Set up your development process so that it involves continuous analysis 2. Prevent new errors
2. Prevent New Errors 59 Статанализ
2. Prevent New Errors 60  How to detect new triggerings among old warnings?  Approach 1: incremental analysis  Approach 2: warning mass suppression (the use of a suppress base)
How to Work with a Suppress Base 61  Hide all old warnings  Get 0 warnings after analysis  Starting from this moment, all new mistakes will be detected at once
How to Work with a Suppress Base 62
How to Work with a Suppress Base 63
How to Work with a Suppress Base 64 Old warnings don’t go anywhere! We just separated them from the new ones and work on them separately.
Incremental Analysis or a Suppress Base? 65  When dealing with Unreal Engine 4, we used only incremental analysis  Suppress bases are more convenient if you are the one developing the project  You can use both approaches simultaneously
How to Process Old Errors 66 1. Set up your development process so that it involves continuous analysis 2. Prevent new errors 3. Process the analyzer’s report gradually, line-by-line, and save resources.
3. How to Work with a Huge Report 67 Two approaches:  The Pareto principle (80/20)  The ratchet method
The Pareto principles 68
The Pareto Principle 69  In order to fix 80% of errors, reviewing 20% of warnings is sufficient  The warnings have already been separated into these portions and are ready for use
The Pareto Principle 70  Media Player Classic Home Cinema – 33 370 warnings
The Pareto Principle 71  33 370 warnings –> 1 935 warnings
20% of warnings in Unreal Engine 72  1192 top-level warnings (Level 1)  629 second-level warnings (Level 2)  1821 warnings total (Level 3 not included)
The Ratchet Method 73
 The total number of warnings is committed to the version control system  Changes are allowed only if they do not add to this number of errors The Ratchet Method 74
How the Ratchet Method Works 75
How the Ratchet Method Works 76
 Ivan Ponomaryov — Continuous Static Code Analysis A Talk on Related Topic 77
78 Warning Number Graphs
 Expectation Warning Number Graph 0 5 10 15 20 25 1 2 3 4 5 Warnings 79
 Expectation Warning Number Graph 80 0 5 10 15 20 25 1 2 3 4 5 Warnings 0 5 10 15 20 25 1 2 3 4 5 Warnings  Reality
Progress for Unreal Engine 4 81
A Small Dessert 82  After fixing all errors we found two more:
A Sample Graph for the Ratchet Method 83
 Developers from Epic Games were happy  They now regularly use static analysis  As for us… we wrote another article :) Recap 84
Conclusion 85
86 Want to Clean Up Legacy Code? Use Static Analysis!
If the Warnings Count in Thousands: 87 1.Set up your development process so that it involves continuous analysis 2.Prevent new mistakes 3.Work through the analyzer’s report gradually (the Pareto and ratchet principles)
Try Static Analysis!
Try Static Analysis! e-mail: gribkov@viva64.com
Try Static Analysis! e-mail: gribkov@viva64.com Q&A

Recommended

Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
Automated Testing for Embedded Software in C or C++
Automated Testing for Embedded Software in C or C++Automated Testing for Embedded Software in C or C++
Automated Testing for Embedded Software in C or C++
Lars Thorup
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
PVS-Studio
 
Agile analysis development
Agile analysis developmentAgile analysis development
Agile analysis development
setitesuk
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
Andrey Karpov
 
How do you implement Continuous Delivery? Part 3: All about Pipelines
How do you implement Continuous Delivery? Part 3: All about PipelinesHow do you implement Continuous Delivery? Part 3: All about Pipelines
How do you implement Continuous Delivery? Part 3: All about Pipelines
Thoughtworks
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit Testing
Sian Lerk Lau
 

Recommended

Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Andrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
Andrey Karpov
 
Automated Testing for Embedded Software in C or C++
Automated Testing for Embedded Software in C or C++Automated Testing for Embedded Software in C or C++
Automated Testing for Embedded Software in C or C++
Lars Thorup
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
PVS-Studio
 
Agile analysis development
Agile analysis developmentAgile analysis development
Agile analysis development
setitesuk
 
Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...Static analysis is most efficient when being used regularly. We'll tell you w...
Static analysis is most efficient when being used regularly. We'll tell you w...
Andrey Karpov
 
How do you implement Continuous Delivery? Part 3: All about Pipelines
How do you implement Continuous Delivery? Part 3: All about PipelinesHow do you implement Continuous Delivery? Part 3: All about Pipelines
How do you implement Continuous Delivery? Part 3: All about Pipelines
Thoughtworks
 
Quality of life through Unit Testing
Quality of life through Unit TestingQuality of life through Unit Testing
Quality of life through Unit Testing
Sian Lerk Lau
 
The best day for qa
The best day for qaThe best day for qa
The best day for qa
Julian Farizi
 
Test Automation for Embedded Devices
Test Automation for Embedded DevicesTest Automation for Embedded Devices
Test Automation for Embedded Devices
Scott Barber
 
Winning the battle against Automated testing
Winning the battle against Automated testingWinning the battle against Automated testing
Winning the battle against Automated testing
Elena Laskavaia
 
Python in Test automation
Python in Test automationPython in Test automation
Python in Test automation
Krishnana Sreeraman
 
How to Upgrade to the Newest Shiniest Django Version
How to Upgrade to the Newest Shiniest Django VersionHow to Upgrade to the Newest Shiniest Django Version
How to Upgrade to the Newest Shiniest Django Version
Susan Tan
 
Unit testing in swift 2 - The before & after story
Unit testing in swift 2 - The before & after storyUnit testing in swift 2 - The before & after story
Unit testing in swift 2 - The before & after story
Jorge Ortiz
 
What is new in JUnit5
What is new in JUnit5What is new in JUnit5
What is new in JUnit5
Richard Langlois P. Eng.
 
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
garrett honeycutt
 
Manual testing interview questions and answers
Manual testing interview questions and answersManual testing interview questions and answers
Manual testing interview questions and answers
Testbytes
 
Deploying Straight to Production
Deploying Straight to ProductionDeploying Straight to Production
Deploying Straight to Production
Mark Baker
 
Practical unit testing in c & c++
Practical unit testing in c & c++Practical unit testing in c & c++
Practical unit testing in c & c++
Matt Hargett
 
Testing without assertions - #HUSTEF2019
Testing without assertions - #HUSTEF2019Testing without assertions - #HUSTEF2019
Testing without assertions - #HUSTEF2019
SAP SE
 
Static analysis tools as the best friend of QA
Static analysis tools as the best friend of QAStatic analysis tools as the best friend of QA
Static analysis tools as the best friend of QA
Mikalai Alimenkou
 
Никита Манько “Code review”
Никита Манько “Code review”Никита Манько “Code review”
Никита Манько “Code review”
EPAM Systems
 
SophiaConf 2018 - P. Urso (Activeeon)
SophiaConf 2018 - P. Urso (Activeeon)SophiaConf 2018 - P. Urso (Activeeon)
SophiaConf 2018 - P. Urso (Activeeon)
TelecomValley
 
How to Select the Right Automation Testing Tool
How to Select the Right Automation Testing ToolHow to Select the Right Automation Testing Tool
How to Select the Right Automation Testing Tool
Exist
 
Keynote AST 2016
Keynote AST 2016Keynote AST 2016
Keynote AST 2016
Kim Herzig
 
How do you implement Continuous Delivery? Part 4: Automated Testing
How do you implement Continuous Delivery? Part 4: Automated TestingHow do you implement Continuous Delivery? Part 4: Automated Testing
How do you implement Continuous Delivery? Part 4: Automated Testing
Thoughtworks
 
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
iMasters
 
SVN notes
SVN notesSVN notes
SVN notes
eric zhang
 
Works For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug ReportsWorks For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug Reports
SALT Lab @ UBC
 
Are Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping ProgrammersAre Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping Programmers
Chris Parnin
 

More Related Content

What's hot

Winning the battle against Automated testing
Winning the battle against Automated testingWinning the battle against Automated testing
Winning the battle against Automated testing
Elena Laskavaia
 
Manual testing interview questions and answers
Manual testing interview questions and answersManual testing interview questions and answers
Manual testing interview questions and answers
Testbytes
 
Никита Манько “Code review”
Никита Манько “Code review”Никита Манько “Code review”
Никита Манько “Code review”
EPAM Systems
 

What's hot (20)

The best day for qa
The best day for qaThe best day for qa
The best day for qa
 
Test Automation for Embedded Devices
Test Automation for Embedded DevicesTest Automation for Embedded Devices
Test Automation for Embedded Devices
 
Winning the battle against Automated testing
Winning the battle against Automated testingWinning the battle against Automated testing
Winning the battle against Automated testing
 
Python in Test automation
Python in Test automationPython in Test automation
Python in Test automation
 
How to Upgrade to the Newest Shiniest Django Version
How to Upgrade to the Newest Shiniest Django VersionHow to Upgrade to the Newest Shiniest Django Version
How to Upgrade to the Newest Shiniest Django Version
 
Unit testing in swift 2 - The before & after story
Unit testing in swift 2 - The before & after storyUnit testing in swift 2 - The before & after story
Unit testing in swift 2 - The before & after story
 
What is new in JUnit5
What is new in JUnit5What is new in JUnit5
What is new in JUnit5
 
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
Continuous Deployment Pipeline for Systems - Presented at Ohio LinuxFest 2017...
 
Manual testing interview questions and answers
Manual testing interview questions and answersManual testing interview questions and answers
Manual testing interview questions and answers
 
Deploying Straight to Production
Deploying Straight to ProductionDeploying Straight to Production
Deploying Straight to Production
 
Practical unit testing in c & c++
Practical unit testing in c & c++Practical unit testing in c & c++
Practical unit testing in c & c++
 
Testing without assertions - #HUSTEF2019
Testing without assertions - #HUSTEF2019Testing without assertions - #HUSTEF2019
Testing without assertions - #HUSTEF2019
 
Static analysis tools as the best friend of QA
Static analysis tools as the best friend of QAStatic analysis tools as the best friend of QA
Static analysis tools as the best friend of QA
 
Никита Манько “Code review”
Никита Манько “Code review”Никита Манько “Code review”
Никита Манько “Code review”
 
SophiaConf 2018 - P. Urso (Activeeon)
SophiaConf 2018 - P. Urso (Activeeon)SophiaConf 2018 - P. Urso (Activeeon)
SophiaConf 2018 - P. Urso (Activeeon)
 
How to Select the Right Automation Testing Tool
How to Select the Right Automation Testing ToolHow to Select the Right Automation Testing Tool
How to Select the Right Automation Testing Tool
 
Keynote AST 2016
Keynote AST 2016Keynote AST 2016
Keynote AST 2016
 
How do you implement Continuous Delivery? Part 4: Automated Testing
How do you implement Continuous Delivery? Part 4: Automated TestingHow do you implement Continuous Delivery? Part 4: Automated Testing
How do you implement Continuous Delivery? Part 4: Automated Testing
 
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
[JS EXPERIENCE 2018] “Who watches the watchmen": Testando nossos testes - Mar...
 
SVN notes
SVN notesSVN notes
SVN notes
 

Similar to How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)

Works For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug ReportsWorks For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug Reports
SALT Lab @ UBC
 
Are Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping ProgrammersAre Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping Programmers
Chris Parnin
 
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdfVISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
NALANDACSCCENTRE
 
programs testing programs
programs testing programsprograms testing programs
programs testing programs
ICANS GmbH
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
Akhil Mittal
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Yulia Tsisyk
 
The Art Of Debugging
The Art Of DebuggingThe Art Of Debugging
The Art Of Debugging
svilen.ivanov
 

Similar to How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4) (20)

Works For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug ReportsWorks For Me! Characterizing Non-Reproducible Bug Reports
Works For Me! Characterizing Non-Reproducible Bug Reports
 
Are Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping ProgrammersAre Automated Debugging Techniques Actually Helping Programmers
Are Automated Debugging Techniques Actually Helping Programmers
 
Because you can’t fix what you don’t know is broken...
Because you can’t fix what you don’t know is broken...Because you can’t fix what you don’t know is broken...
Because you can’t fix what you don’t know is broken...
 
Viva64: working up of 64-bit applications
Viva64: working up of 64-bit applicationsViva64: working up of 64-bit applications
Viva64: working up of 64-bit applications
 
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdfVISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
VISUAL_BASIC_LECTURE_NOTE_A_Z_MADE_EASY.pdf
 
Lesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errorsLesson 7. The issues of detecting 64-bit errors
Lesson 7. The issues of detecting 64-bit errors
 
programs testing programs
programs testing programsprograms testing programs
programs testing programs
 
Week1 programming challenges
Week1 programming challengesWeek1 programming challenges
Week1 programming challenges
 
Diving into VS 2015 Day2
Diving into VS 2015 Day2Diving into VS 2015 Day2
Diving into VS 2015 Day2
 
64 bits, Wp64, Visual Studio 2008, Viva64 and all the rest...
64 bits, Wp64, Visual Studio 2008, Viva64 and all the rest...64 bits, Wp64, Visual Studio 2008, Viva64 and all the rest...
64 bits, Wp64, Visual Studio 2008, Viva64 and all the rest...
 
Bug first Zero Defect
Bug first Zero DefectBug first Zero Defect
Bug first Zero Defect
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
5.Black Box Testing and Levels of Testing.ppt
5.Black Box Testing and Levels of Testing.ppt5.Black Box Testing and Levels of Testing.ppt
5.Black Box Testing and Levels of Testing.ppt
 
Mergebase dont-let-vulns-run-wild
Mergebase dont-let-vulns-run-wildMergebase dont-let-vulns-run-wild
Mergebase dont-let-vulns-run-wild
 
A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4A Long-Awaited Check of Unreal Engine 4
A Long-Awaited Check of Unreal Engine 4
 
Opencv
OpencvOpencv
Opencv
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
The Art Of Debugging
The Art Of DebuggingThe Art Of Debugging
The Art Of Debugging
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 

More from Andrey Karpov

Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 

More from Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
 
PVS-Studio in the Clouds: CircleCI
PVS-Studio in the Clouds: CircleCIPVS-Studio in the Clouds: CircleCI
PVS-Studio in the Clouds: CircleCI
 

Recently uploaded

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
software pro Development
 

Recently uploaded (20)

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 

How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)

  • 1. How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4) George Gribkov
  • 2. About Me: George Gribkov A C++ developer and developer of the PVS- Studio static code analyzer I help our clients fight errors I write articles on looking for bugs in open-source projects. gribkov@viva64.com 2
  • 3.  How to fight bugs in legacy code? Overview 3
  • 4.  How to fight bugs in legacy code?  Should you do it at all? Overview 4
  • 5.  How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? Overview 5
  • 6.  How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case) Overview 6
  • 7.  How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case)  How to avoid spending a plethora of man-hours on this? Overview 7
  • 8.  How to fight bugs in legacy code?  Should you do it at all?  What to do if there are hundreds or even thousands of errors? (that’s usually the case)  How to avoid spending a plethora of man-hours on this?  And still, how did you work with Unreal Engine? Overview 8
  • 9. Fighting Bug in Legacy Code 9
  • 10. Should You Fight Bugs in Legacy Code? 10
  • 12.  Old bugs are still bugs  Old vulnerabilities are still vulnerabilities  A charged gun will shoot you in the foot eventually Why? 12
  • 14. 14 14 Ariane 4 113 successful launches
  • 16. 16 16 Ariane 5 370 000 000 $ blown up!
  • 17.  Unit testing  Integration testing  System testing  … Ways to Look for Bugs 17
  • 18.  Unit testing  Integration testing  System testing  …  Dynamic analysis  Static analysis Ways to Look for Errors 18
  • 19.  Unit testing  Integration testing  System testing  …  Dynamic analysis  Static analysis Ways to Look for Errors 19
  • 20. Static analysis is an automatic code review procedure. What is Static Analysis? 20
  • 21. How Does It Help? 21
  • 22. How Does It Help? 22 Static analysis
  • 25. 1. Set up continuous analysis 2. 3. What’s a Good Way to Deal With Old Bugs? 25
  • 26. 1. Set up continuous analysis 2. Protect yourself from new bugs 3. What’s a Good Way to Deal With Old Bugs? 26
  • 27. 1. Set up continuous analysis 2. Protect yourself from new bugs 3. Gradually go through the analyzer’s report line- by-line, making sure to spend few resources each time. What’s a Good Way to Deal With Old Bugs? 27
  • 28. How Our Two Developers Fixed 2000 Bugs, That Our Analyzer Reported in Unreal Engine 4, in 17 Business Days 28
  • 30.  My boss found errors in UE 4 and wrote an article  Developers from Epic Games liked it a lot  They wanted to fix more bugs and trusted that matter to us How It Started 30
  • 31. 31 Take One (Or How We Got Our Asses Kicked)
  • 32.  The most convenient approach: check the project through Visual Studio  Luckily, UE has a set of scripts to generate .vcxproj files The First Check 32
  • 33. 1.Generate project files 2.Build the project 3.Start the analysis from Visual Studio 4.??????? 5. The First Analysis Attempt 33
  • 34. 1.Generate project files 2.Build the project 3.Start the analysis from Visual Studio 4.??????? 5.EPIC GAMES FAIL The First Analysis Attempt 34
  • 35.  Generated project files are just a wrapper  These wrappers call the Unreal Build Tool  Unreal Build Tool starts cl.exe (or clang, for Linux builds) How the Unreal Engine Project Is Built 35
  • 36.  Generated project files are just a wrapper  These wrappers call the Unreal Build Tool  Unreal Build Tool starts cl.exe (or clang, for Linux builds)  Because of all these layers the analyzer cannot collect the parameters required for compilation How Unreal Engine Project Is Built 36
  • 37. 37 Take Two (Or How We Did Everything Right)
  • 38.  What if we try to catch compiler calls directly? The Second Check 38
  • 39.  What if we try to catch compiler calls directly?  It’s pretty fortunate that we have a special utility that can monitor compilation The Second Check 39
  • 40. The Second Analysis Attempt 40 1. Start the compilation monitoring utility before building the project 2. The utility collects all the required data 3. Right after that’s done, the analysis starts 4. ??????? 5.
  • 41. 1. Start the compilation monitoring utility before building the project 2. The utility collects all the required data 3. Right after that’s done, the analysis starts 4. ??????? 5. EPIC WIN!!! The Second Analysis Attempt 41
  • 43. Analysis Results 43  1192 top-level warnings (Level 1)  629 second-level warnings (Level 2)  1821 warnings in total (Level 3 not included)
  • 44. 44 44
  • 45. Why Is It Typical to Get Thousands of Warnings? 45  Notepad++ – 5 241 warnings
  • 46. Why Is It Typical to Get Thousands of Warnings? 46  WinMerge – 8 786 warnings
  • 47. Why Is It Typical to Get Thousands of Warnings? 47  Media Player Classic Home Cinema – 33 370 warnings
  • 49. How to Process Old Errors 49 1. Set up your development process so that it involves continuous analysis
  • 58. How to Process Old Errors 58 1. Set up your development process so that it involves continuous analysis 2. Prevent new errors
  • 59. 2. Prevent New Errors 59 Статанализ
  • 60. 2. Prevent New Errors 60  How to detect new triggerings among old warnings?  Approach 1: incremental analysis  Approach 2: warning mass suppression (the use of a suppress base)
  • 61. How to Work with a Suppress Base 61  Hide all old warnings  Get 0 warnings after analysis  Starting from this moment, all new mistakes will be detected at once
  • 62. How to Work with a Suppress Base 62
  • 63. How to Work with a Suppress Base 63
  • 64. How to Work with a Suppress Base 64 Old warnings don’t go anywhere! We just separated them from the new ones and work on them separately.
  • 65. Incremental Analysis or a Suppress Base? 65  When dealing with Unreal Engine 4, we used only incremental analysis  Suppress bases are more convenient if you are the one developing the project  You can use both approaches simultaneously
  • 66. How to Process Old Errors 66 1. Set up your development process so that it involves continuous analysis 2. Prevent new errors 3. Process the analyzer’s report gradually, line-by-line, and save resources.
  • 67. 3. How to Work with a Huge Report 67 Two approaches:  The Pareto principle (80/20)  The ratchet method
  • 69. The Pareto Principle 69  In order to fix 80% of errors, reviewing 20% of warnings is sufficient  The warnings have already been separated into these portions and are ready for use
  • 70. The Pareto Principle 70  Media Player Classic Home Cinema – 33 370 warnings
  • 71. The Pareto Principle 71  33 370 warnings –> 1 935 warnings
  • 72. 20% of warnings in Unreal Engine 72  1192 top-level warnings (Level 1)  629 second-level warnings (Level 2)  1821 warnings total (Level 3 not included)
  • 74.  The total number of warnings is committed to the version control system  Changes are allowed only if they do not add to this number of errors The Ratchet Method 74
  • 75. How the Ratchet Method Works 75
  • 76. How the Ratchet Method Works 76
  • 77.  Ivan Ponomaryov — Continuous Static Code Analysis A Talk on Related Topic 77
  • 79.  Expectation Warning Number Graph 0 5 10 15 20 25 1 2 3 4 5 Warnings 79
  • 80.  Expectation Warning Number Graph 80 0 5 10 15 20 25 1 2 3 4 5 Warnings 0 5 10 15 20 25 1 2 3 4 5 Warnings  Reality
  • 81. Progress for Unreal Engine 4 81
  • 82. A Small Dessert 82  After fixing all errors we found two more:
  • 83. A Sample Graph for the Ratchet Method 83
  • 84.  Developers from Epic Games were happy  They now regularly use static analysis  As for us… we wrote another article :) Recap 84
  • 86. 86 Want to Clean Up Legacy Code? Use Static Analysis!
  • 87. If the Warnings Count in Thousands: 87 1.Set up your development process so that it involves continuous analysis 2.Prevent new mistakes 3.Work through the analyzer’s report gradually (the Pareto and ratchet principles)