Even Cavemen Can Do It: Find 1,000 Defects in 1,000,000 Lines of Code in 30 Days

Gregory Pope, William Oliver and Kimberly Ferrari, Lawrence Livermore National Laboratory

Due to the increased emphasis on computer security, great advances have been made in static analyzer tools that can detect many code errors that often elude programmers, compilers, test suites, and visual reviews. Traditional tools such as "lint" detectors are plagued with high false positive rates. Gregory Pope discusses the steps his organization used to evaluate and select a static analyzer tool and pilot its implementation. He describes how they rolled out the tool to developers and how it is being used today. Greg shares the results they achieved on real code (C, C++, and Java) and the valuable code metrics they obtained as a byproduct of its use. Greg discusses the skills needed to use the tools, ways to interpret the results, and techniques they used for winning over developers.

  • The features of static code analyzers
  • Defects that can be found with these tools
  • How to maximize your success using static analysis
