Stomping on the Bugs
By Allen Holub
May 1, 2006 —
(Page 1 of 3)
Bugs are a big deal. They, of course, inflate the cost of development. I just spent $850 of my client’s money—and wasted most of a day—tracking down what turned out to be a bug in ActiveMQ’s JMS implementation. (So much for “free” software.) Bugs are also the main source of security vulnerability in your program. Hackers attack bugs—it’s that simple.
Part of the bug problem is addressable with process: Test-Driven Development and continuous regression testing are essential practices. Code reviews and pair programming help too. However, none of these “best practices” will find all the bugs.
Computer programs that purport to find bugs have been around for a while. The venerable Unix lint utility did that with C programs. Unfortunately, for every real bug that lint found, it identified 40 or 50 fake bugs, places in the code where there was actually nothing wrong. This huge number of false positives discredited the whole idea of static analysis, of having a computer program find bugs for you.
Fortunately for all of us, we’ve learned a lot since Steve Johnson wrote the original lint back in 1977. I just installed FindBugs (findbugs.sourceforge.net), the brainchild of Bill Pugh and David Hovemeyer at the University of Maryland. This is a breathtakingly useful (and free) tool.
FindBugs finds the sorts of things you’d expect. Unread fields, unused variables and so forth, but it does a lot more.
The basic bug analysis is thorough—much more so than, say, Eclipse’s editor is. For example, it flags a possible null-pointer dereference if a method uses a reference that’s passed as an argument without first explicitly testing for null in various ways. That is, you can get rid of the error by putting an explicit test in an “if” statement, adding an “assert” and so forth.
FindBugs goes way beyond the obvious “correctness” problems, though. It can find performance problems, some threading bugs (like inconsistent use of synchronization), vulnerabilities to hacking, internationalization problems and style errors. The attack-vulnerability bugs are particularly important, since these things slip through code reviews all the time, and the consequences of an attack can be so large.
Share this link: http://sdt.bz/29281
Most Read Latest News Blog Resources
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|