Short intro to the idea and its application to managing software:
In “Static Analysis: An Introduction,” author Patrick Thomson provides a perspective on the history, current state and future of static analysis, an important tool in helping programmers manage the complexity of modern software. At stake is software quality, he says, as empirical studies indicate that a codebase's complexity (and the ability of programmers to understand the software) correlates with its rate of defects.
Thomson distinguishes static analysis from dynamic analyses such as Valgrind, which extracts facts from a program as it runs, and from model checking, which verifies the correctness of a separate external specification of a program.
Not all static analyses are feasible. As a codebase becomes larger, it takes more time to parse and traverse, notes Thomson, requiring more sophisticated and efficient analyses. Additionally, many static analyses are computationally expensive. Perhaps the most important barrier to adoption of static-analysis tools is the requirement that programmers change their behavior to account for the discovery of issues such as false positives and false negatives.
Looking toward the future, Thomson says the subfield of static analyses targeted toward detecting security vulnerabilities is becoming more valuable and continues to attract industrial and research attention.
Queue is ACM's magazine for practicing software engineers. Written by engineers for engineers, Queue focuses on the technical problems and challenges that loom ahead, helping readers to sharpen their own thinking and pursue innovative solutions. ...