This talk discusses various advances in program analysis technology that enable a larger class of bugs to be detected earlier in software development projects (and even to be automatically fixed in some cases). It focuses particularly on recent developments that enable tight integration of program analysis tools into DevOps processes.
Articles, tutorials, videos and tools to perform software source code analysis in software testing.
This presentation reviews recent developments in code analysis as well as the history of static analysis in commercial software and its evolution in the academic world. It provides an overview of the current commercial landscape, and concludes with best practices for organizations looking to bring static analysis into their software development environment and software testing practices.
Specializing static analysis techniques for test suites has yielded interesting results. We’ve previously learned that most tests are simple straight-line code, namely a sequence of setup statements followed by a payload consisting of asserts. We show how static analysis can identify useless setup statements, enabling developers to simplify and speed up their test cases.
Static analysis tools have the potential to significantly improve programmer productivity as well as the safety, reliability and efficiency of the code they write. Modern static analysis has moved well beyond the mental model people often have based on “lint”: just finding simple typos. Static analysis can find subtle, complex bugs early, identify opportunities to improve performance, and encourage consistent style and appropriate usage of libraries and APIs.
PHP is not the best language to catch errors in code, like mistyped names of variables. This is what static code analysis tools (named linters or lints) can do: find bugs in code before it ever gets executed. Linters don’t replace unit tests, but generally they are faster and cheaper to set up. I’ll talk about my XRef lint project (http://xref-lint.net/) as well as other helpful open source alternatives: phplint (http://www.icosaedro.it/phplint/), arcanist (http://phabricator.org/) and scrutinizer (https://scrutinizer-ci.com/).
This presentation discusses the problems faced, and the solutions adopted, on a project marked by its size (about 100 people in total, more than 5 years long), multiple locations (Vilnius, China, US), a remote PO (teams in Eastern Europe, PO in US), ~550 000 LOC, and multiple customers. It presents the techniques used to keep project quality in shape: Continuous Integration, Code Review, Static Code Quality.