Challenges in deploying static analysis tools

CrossTalk

Volumn 24, Issue 4, 2011, Pages 32-36

  Jain, Piyush ^a   Rao, Ramakrishna ^a   Balan, Sathyanand ^a  

^a INFOSYS TECHNOLOGIES LTD   (India)

Author keywords

[No Author keywords available]

Indexed keywords

HIGHER QUALITY SOFTWARES;

EQUIPMENT;

STATIC ANALYSIS;

EID: 79960157354     PISSN: None     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (25)

1. L Hatton. Software failures-follies and fallacies. IEE Review, 43(2):49-52, 1997.
2. A. German. Software static code analysis lessons learned. CrossTalk: The Journal of Defense Software Engineering, November 2003.
3. Yannick Moy. Static Analysis Is Not Just for Finding Bugs. CrossTalk: The Journal of Defense Software Engineering, September 2010.
4. G. Brat et al. Experimental evaluation of verification and validation tools on Martian Rover software. Formal Methods in System Design, 25(2):167-198, 2004.
5. A. Bessey et al. A few billion lines of code later: using static analysis to find bugs in the real world. Comm. of the ACM, 53(2):66-75, 2010.
6. Paul Black. Static Analyzers in Software Engineering. CrossTalk: The Journal of Defense Software Engineering, March 2009.
7. D T V Ramakrishna Rao, Piyush Jain, and Sathyanand Balan. Why Static Analysis Tool Deploy ments Fail? (And How...). In Embedded Systems Conference (ESC), Bangalore, July 2010.
8. H. Lichter and G. Riedinger. Improving software quality by static program analysis. Software Process: Improvement and Practice, 3(4):235-241, 1998.
9. Dejan Baca. Automated static code analysis - A tool for early vulnerability detection. PhD thesis, Bleking Institute of Technology, Sweden, 2009.
10. T. Ball et al. SLAM and Static Driver Verifier: Technology transfer of formal methods inside Microsoft. LNCS, 2999:1-20, 2004.
11. D T V Ramakrishna Rao. Defect Detection By Developers. CrossTalk: The Journal of Defense Software Engineering, pages 8-11, March 2009.
12. J. Zheng et al. On the value of static analysis for fault detection in software. IEEE Transactions on Software Engineering, 32(4):240-253, 2006.
13. P. Chandra et al. Putting the tools to work: How to succeed with source code analysis. IEEE security & privacy, 4(3):80-83, 2006. (Pubitemid 44144084)
14. S. Wagner et al. Comparing Bug Finding Tools with Reviews and Tests. In Proc. 17th Int'l Conf. on Testing of Communicating Systems (TestCom05), pages 40-55. Springer, 2005. (Pubitemid 41322192)
15. J. Nazario. Source code scanners for better code. Linux Journal, January 2002.
16. N. Ayewah et al. Using static analysis to find bugs. IEEE software, 25(5):22-29, 2008.
17. Melissa Webster. The Software Quality Imperative. Technical report, IDC, 2005.
18. Russel King. "Do not misuse Coverity please".
19. Tom Demarco. Why does software cost so much? Dorset House Publishing, 1995.
20. T. DeMarco and T. Lister. Peopleware: productive projects and teams. Dorset House Publishing Company, Incorporated, 2nd edition, 1999.
21. S. Maguire. Debugging the development process. Microsoft Press, 1994.
22. Brian Chess and Gary McGraw. Static analysis for security. IEEE Security and Privacy, 2(6):76-79, 2004.
23. J.G. Ganssle. The art of designing embedded systems. Newnes, 2000.
24. Matthew Hayward. The Truth Behind Static Analysis Pitfalls. EE Times, January 2009. http://www.eetimes.com/design/embedded/4008210/TheTruth-Behind- Static-Analysis-Pitfalls
25. William Pugh. Making Static Analysis Part of Your Build Process. Presentation to the Silicon Valley Java Users Group, 2009.