jm + static-code-analysis   3

LGTM
Analyses open source code repos on github, running static code analysis to find "zero-days and other critical bugs".
security  code-review  static-code-analysis  coding  lgtm  github 
12 days ago by jm
Open-sourcing RacerD: Fast static race detection at scale | Engineering Blog | Facebook Code
At Facebook we have been working on automated reasoning about concurrency in our work with the Infer static analyzer. RacerD, our new open source race detector, searches for data races — unsynchronized memory accesses, where one is a write — in Java programs, and it does this without running the program it is analyzing. RacerD employs symbolic reasoning to cover many paths through an app, quickly.


This sounds extremely interesting...
racerd  race-conditions  data-races  thread-safety  static-code-analysis  coding  testing  facebook  open-source  infer 
october 2017 by jm
Bug Prediction at Google
LOL. grepping commit logs for /bug|fix/ does the job, apparently:
In the literature, Rahman et al. found that a very cheap algorithm actually performs almost as well as some very expensive bug-prediction algorithms. They found that simply ranking files by the number of times they've been changed with a bug-fixing commit (i.e. a commit which fixes a bug) will find the hot spots in a code base. Simple! This matches our intuition: if a file keeps requiring bug-fixes, it must be a hot spot because developers are clearly struggling with it.
bugs  rahman-algorithm  heuristics  source-code-analysis  coding  algorithms  google  static-code-analysis  version-control 
march 2015 by jm

Copy this bookmark:



description:


tags: