OSS Java Analysis
What You Might Be Missing
Overview
• Open Source Static Analysis Options for Java
• Case Study: Analysis of Jenkins Project
• Detailed Findings
2 Copyright 2013, Coverity, Inc.
Numerous Static Analysis Options for Java
Consistent Use = More Maintainable Code
• Checkstyle: defines and enforces coding standards
• Finds common programming flaws and duplicated code
• Finds bugs
• Finds coding errors, ensures proper testing coverage and more
Key Considerations
• Will you use it?
  • Does it find issues that you care about? Does it fit into your team's workflow? Is it worth the effort?
• Is it actionable?
  • Does it just find issues, or does it help you understand how and where to fix them?
• Is it accurate?
  • Will you waste significant time on false positives? Are results consistent across builds?
• Is it integrated?
  • Do you have to go out of your way to use it, or does it bring the problems to you?
Case Study: Jenkins
Coverity Development Testing Platform and FindBugs
Background
• Analyzed Jenkins 1.496 core code using up-to-date Coverity and FindBugs (as of Dec 2012)
• Both solutions focus on finding defects, have IDE and command line interfaces

FindBugs
• Often used automatically in Eclipse
• Extensible tool
• Management capabilities focused on individual developers

Coverity Platform
• Most often run in Eclipse or via automated build
• Extensible tool, open platform
• Sophisticated management capabilities addressing the needs of developers, teams & organizations
Little Overlap
Only 28 relevant issues found by both solutions
Defect Summary (Real Bugs Only)

Type                                     Coverity   FindBugs   Both
Resource leaks                                 86         12     13
Security problems                               1          0      0
Concurrency problems                           22         10      9
High Severity Subtotal                        109         22     22
Coding Standards, Best Practices, Other        88        605      6
Total Bugs                                    197        627     28

[Chart: Impact Distribution (High vs. Med-Low) for Coverity and FindBugs]

Each solution found unique issues (neither is sufficient to replace the other). Note that security problems barely register in these results (a single finding, reported by Coverity alone), so the comparison says little about either tool as a security scanner; it is a comparison of general defect checkers.
Example: FindBugs Resource Leak
Here is a resource leak identified by FindBugs:
• Identifies the problem and general location
• But there's no indication of the affected object/variable, the relevant code path or events
• Developers need to figure it out on their own
• Not a big deal in this simple code
• Complex code will be a pain!
Annotation on the code screenshot: "A leak might affect something on this line"
Example: Coverity Resource Leak
Here is a leak identified by Coverity:
The object will continue to hold resources until the garbage collector eventually finalizes it, which may never happen.
Annotations on the code screenshot:
• "listener" allocated. Implements Closeable, so it needs to be closed
• "listener" used, but still needs to be closed
• Leak: no longer usable, and never closed
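The leak pattern in the two resource-leak slides above (a Closeable allocated, used, then dropped without close()), reconstructed as an added, runnable example. This is not Jenkins code and not code from the deck: TaskListener is a constructed stand-in for whatever Closeable the screenshot showed, and it counts how many instances remain open so the leak is visible. The third method shows the subtler variant that a path-sensitive checker reports with the "relevant code path or events" the slide asks for: close() is called, but only on the non-exceptional path.

```java
import java.io.Closeable;
import java.util.concurrent.atomic.AtomicInteger;

// Constructed stand-in for the Closeable "listener" on the slide (not Jenkins code).
// It counts how many instances have been opened and never closed, which is the
// state a leak leaves behind.
class TaskListener implements Closeable {
    static final AtomicInteger OPEN = new AtomicInteger();
    private boolean closed;

    TaskListener() {
        OPEN.incrementAndGet();
    }

    void log(String msg) {
        if (closed) {
            throw new IllegalStateException("listener already closed");
        }
        if (msg == null) {
            throw new IllegalArgumentException("message must not be null");
        }
        System.out.println("[listener] " + msg);
    }

    @Override
    public void close() {
        if (!closed) {
            closed = true;
            OPEN.decrementAndGet();
        }
    }
}

public class ResourceLeakDemo {

    // The pattern from the slide: allocated, used, then simply dropped when the
    // method returns. Nothing ever calls close().
    static void leaky(String msg) {
        TaskListener listener = new TaskListener(); // allocated; implements Closeable
        listener.log(msg);                          // used, but still needs to be closed
    }                                               // no longer usable, never closed

    // Subtler variant: close() is called, but only on the non-exceptional path.
    static void closedOnHappyPathOnly(String msg) {
        TaskListener listener = new TaskListener();
        listener.log(msg);  // if this throws, the close() below is skipped
        listener.close();
    }

    // Fix: try-with-resources closes on every exit path, including exceptions.
    static void fixed(String msg) {
        try (TaskListener listener = new TaskListener()) {
            listener.log(msg);
        }
    }

    public static void main(String[] args) {
        fixed("build started");
        System.out.println("open after fixed():                 " + TaskListener.OPEN.get());

        leaky("build started");
        System.out.println("open after leaky():                 " + TaskListener.OPEN.get());

        try {
            closedOnHappyPathOnly(null);
        } catch (IllegalArgumentException expected) {
            // the listener allocated inside was never closed
        }
        System.out.println("open after closedOnHappyPathOnly(): " + TaskListener.OPEN.get());

        try {
            fixed(null);
        } catch (IllegalArgumentException expected) {
            // closed anyway by try-with-resources before the exception propagated
        }
        System.out.println("open after fixed() with exception:  " + TaskListener.OPEN.get());
    }
}
```

Run it with `java ResourceLeakDemo.java` (JDK 11 or later). The open counter stays put across both fixed() calls, including the one that throws, and climbs once for leaky() and once more for closedOnHappyPathOnly(null). The second case is the one a line-level warning like the FindBugs one gives you little help with: the close() is right there, and only the exceptional path skips it.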
Example: Coverity Race Condition
Annotations on the code screenshot:
• This is an HTTP request handler
• "o" is associated with session
• Another thread may modify the session
• Session attribute is deleted. The right one?
• Erroneous code path identified
You may delete the wrong key! Good luck finding this manually!
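The race the annotations describe, reconstructed as an added example that is not Jenkins code and not code from the deck. The session is modelled as a ConcurrentMap (attribute name to value), the attribute name KEY and the "upload" values are constructed, and the concurrent request is simulated by a Runnable invoked between the handler's read and its delete so the bad interleaving is deterministic rather than scheduler-dependent. The fix is a check-and-remove done as one atomic step.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Constructed example, not Jenkins code. The HTTP session is modelled as a
// ConcurrentMap from attribute name to value: each single get/put/remove is
// thread-safe, but a get followed by a separate remove is not.
public class SessionRaceDemo {

    static final String KEY = "pendingUpload";

    // Racy handler, following the slide's annotations: "o" is read from the
    // session, other work happens, then the attribute is deleted by name on the
    // assumption that it still refers to "o".
    static Object racyHandler(ConcurrentMap<String, Object> session, Runnable anotherRequest) {
        Object o = session.get(KEY);   // "o" is associated with the session
        anotherRequest.run();          // another thread may modify the session here
        session.remove(KEY);           // deletes whatever is stored now: maybe not "o"
        return o;
    }

    // Fixed handler: delete the attribute only if it still refers to "o".
    // ConcurrentMap.remove(key, value) performs the comparison and the removal
    // as one atomic step, so another request's value is never deleted by mistake.
    static Object fixedHandler(ConcurrentMap<String, Object> session, Runnable anotherRequest) {
        Object o = session.get(KEY);
        anotherRequest.run();
        boolean removedOurs = session.remove(KEY, o);
        if (!removedOurs) {
            // Someone replaced the attribute while we worked; leave theirs alone.
            System.out.println("attribute changed underneath us; not deleting it");
        }
        return o;
    }

    public static void main(String[] args) {
        ConcurrentMap<String, Object> session = new ConcurrentHashMap<>();

        // Stand-in for the concurrent request: it replaces the attribute while
        // the handler is between its read and its delete.
        Runnable anotherRequest = () -> session.put(KEY, "upload-2");

        session.put(KEY, "upload-1");
        Object worked = racyHandler(session, anotherRequest);
        System.out.println("racy:  worked on " + worked + ", session now holds " + session.get(KEY));

        session.put(KEY, "upload-1");
        worked = fixedHandler(session, anotherRequest);
        System.out.println("fixed: worked on " + worked + ", session now holds " + session.get(KEY));
    }
}
```

In the racy run the handler worked on upload-1 but deleted upload-2, which the other request had just stored: the wrong key's value is gone and nobody is told. In the fixed run the conditional remove fails, upload-2 survives, and the handler learns that its view was stale. A real HttpSession offers no conditional remove; the usual equivalent is to perform the getAttribute/compare/removeAttribute sequence inside a synchronized block on the session and make sure every other writer of that attribute takes the same lock, which is exactly the kind of cross-thread reasoning the slide says is hard to do by hand.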
Example: Coverity Null Dereference
Annotations on the code screenshot:
• Passing null to function
• Dereferenced two layers deep
You should check for null before or during the call to rebuild()
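The shape of that defect, reconstructed as an added example that is not Jenkins code and not code from the deck: rebuild(), normalize() and the Config type are constructed names. It shows why a dereference "two layers deep" is awkward to debug (the exception surfaces in a callee, not where null entered) and the fix the slide recommends, a check at the rebuild() boundary.

```java
import java.util.Objects;

// Constructed example, not Jenkins code. rebuild() forwards its argument to a
// helper that dereferences it, so a null passed by the caller only blows up two
// calls away from the mistake.
public class NullDereferenceDemo {

    static final class Config {
        private final String name;
        Config(String name) { this.name = name; }
        String getName() { return name; }
    }

    // As on the slide: the argument is passed straight through without a check.
    static String rebuild(Config config) {
        return normalize(config);            // layer one: no dereference, no check
    }

    static String normalize(Config config) {
        return config.getName().trim();      // layer two: NullPointerException lands here
    }

    // Fix: validate at the entry point, "before or during the call to rebuild()".
    // The failure now names the broken contract and happens where it is broken,
    // and the nested field that normalize() relies on is checked as well.
    static String rebuildChecked(Config config) {
        Objects.requireNonNull(config, "config must not be null");
        Objects.requireNonNull(config.getName(), "config.name must not be null");
        return normalize(config);
    }

    public static void main(String[] args) {
        try {
            rebuild(null);
        } catch (NullPointerException e) {
            // The top stack frame is normalize(), not the caller that passed null.
            System.out.println("unchecked: " + e + " at " + e.getStackTrace()[0]);
        }
        try {
            rebuildChecked(null);
        } catch (NullPointerException e) {
            System.out.println("checked:   " + e.getMessage());
        }
        try {
            rebuildChecked(new Config(null));
        } catch (NullPointerException e) {
            System.out.println("checked:   " + e.getMessage());
        }
        System.out.println("ok:        '" + rebuildChecked(new Config("  jenkins-core  ")) + "'");
    }
}
```

The unchecked path reports the failure inside normalize(); with a deeper call chain the frame that actually received the null may not even appear in the trace. Fail-fast checks at the public entry point turn that into a message naming the offending parameter, which is also the contract a static checker can verify without having to reason through every callee.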
Conclusion
• Different analysis tools often find different (important and complementary) issues
• Use multiple tools that find issues important to you
• Avoid tools that take too long to analyze, require too much manual work or have too many false positives
