A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World | February 2010 | Communications of the ACM
A bunch of academics write a static checker and take it commercial. They are surprised to find that: compilers for embedded targets accept stuff that isn't quite C, and embedded programmers use that stuff, because we're evil. A worryingly large proportion of programmers are clueless ("No, ANSI lets you write 1 past the end of the array"), leading the authors to conclude that "You cannot often argue with people who are sufficiently confused about technical matters; they think you are the one who doesn't get it. They also tend to get emotional. Arguing reliably kills sales." Also, managers like graphs of bad stuff going down over time, so they don't like the tool to improve (a better checker finds more bugs, and the graph goes up). Fun article. Via Metafilter.
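An added example, my own rather than anything from the article or from Coverity, of the point behind the "1 past the end" quote: C lets you form and compare the address one past an array's last element (that is why end-pointer loops are legal), but it does not let you read or write through it. The helper names are assumptions made for this illustration. The inclusive-bound loop is the classic off-by-one; routed through a bounds-checked store, its extra iteration is rejected instead of silently clobbering whatever follows the array.

```c
#include <stddef.h>
#include <stdio.h>

/* Legal use of the one-past-the-end address: it may be formed and compared
 * (C99 6.5.6), so it works as a loop sentinel. It must never be dereferenced.
 * Returns the sum; stores the number of elements visited in *count. */
static long sum_with_end_sentinel(const int *a, size_t n, size_t *count)
{
    const int *end = a + n;        /* forming a + n is defined; *end is not */
    long total = 0;
    size_t c = 0;
    for (const int *p = a; p != end; ++p) {
        total += *p;
        ++c;
    }
    if (count) *count = c;
    return total;
}

/* Bounds-checked store (assumed helper). Index n, the "one past" slot, is
 * rejected like any other out-of-range index: you may point there, you may
 * not write there. Returns 0 on success, -1 if the index is out of range. */
static int checked_store(int *a, size_t n, size_t i, int value)
{
    if (i >= n) return -1;
    a[i] = value;
    return 0;
}

/* The off-by-one: a fill loop written with <= touches index n.
 * Returns the number of writes the checked store rejected. */
static int fill_inclusive_bound(int *a, size_t n, int value)
{
    int rejected = 0;
    for (size_t i = 0; i <= n; ++i)          /* BUG: should be i < n */
        if (checked_store(a, n, i, value) != 0) ++rejected;
    return rejected;
}

/* The correct loop bound: every write lands inside the array. */
static int fill_exclusive_bound(int *a, size_t n, int value)
{
    int rejected = 0;
    for (size_t i = 0; i < n; ++i)
        if (checked_store(a, n, i, value) != 0) ++rejected;
    return rejected;
}

/* Exercises the helpers on a constructed 4-element array.
 * Returns 1 if every expectation holds, 0 otherwise. */
static int demo_passes(void)
{
    int buf[4] = {1, 2, 3, 4};               /* constructed sample input */
    size_t count = 0;
    int ok = 1;

    ok &= (sum_with_end_sentinel(buf, 4, &count) == 10);
    ok &= (count == 4);
    ok &= (checked_store(buf, 4, 4, 9) == -1);   /* one past the end: refused */
    ok &= (checked_store(buf, 4, 3, 9) == 0 && buf[3] == 9);
    ok &= (fill_inclusive_bound(buf, 4, 7) == 1); /* exactly the i == n write */
    ok &= (fill_exclusive_bound(buf, 4, 7) == 0);
    ok &= (buf[0] == 7 && buf[3] == 7);
    return ok;
}

int main(void)
{
    int buf[4] = {1, 2, 3, 4};
    size_t count = 0;
    printf("sum=%ld over %zu elements\n", sum_with_end_sentinel(buf, 4, &count), count);
    printf("inclusive bound: %d write(s) rejected\n", fill_inclusive_bound(buf, 4, 0));
    printf("exclusive bound: %d write(s) rejected\n", fill_exclusive_bound(buf, 4, 0));
    printf("self-check %s\n", demo_passes() ? "passed" : "failed");
    return 0;
}
```

The distinction is exactly what a checker has to encode: a pointer value equal to `a + n` is fine to compute and compare, while any load or store through it is the bug, and the usual source of that store is a `<=` where `<` was meant.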
programming  analysis  security  software  coverity  development  tools  C 
february 2010 by pw201

