The Psychology of C# Analysis
Eric Lippert
C# Analysis Architect
Coverity
Intro
• Psychological factors in language design…
• … and compiler error messages…
• … and static analysis tools…
• … and ...
Who is this guy?
• Compiler developer / language designer at Microsoft from 1996 through 2012
• Visual Basic, VBScript, JS...
This guy is you, not me
Body
The business case for C#
• Productive, successful professional developers who target
Microsoft platforms make those platfo...
Target C# Developer Characteristics
• Professionals, not amateurs
• Engineers, not hackers
• Programming experts, not line...
Conservatism
• C# developers hate breaking changes imposed by tools
• Even trivial breaking changes are agonized over
• In...
Conservatism
• C# app developers also hate breaking their users
• Facilitating versionable components was a pri 1 design g...
Conservatism
C# 4.0 added dynamic dispatch to facilitate interoperability
with dynamic languages and “legacy” object model...
Error reporting psychology
FAIL
Error reporting psychology
• Dealing with correct code is literally the smallest problem
• “Roslyn” does syntactic analysi...
Error reporting psychology
A params parameter must be the last parameter in a formal parameter list
Is this saying:
• If t...
Error reporting psychology
Error messages must read the mind of a developer who
wrote broken code and figure out what they...
Error reporting psychology
Complex operator + (Complex x, Complex y) { ...
User-defined operator must be declared static a...
Warnings are harder than errors
• Must infer the developer's erroneous thoughts
• Compiler must be fast
• This makes an opportu...
What do C# developers want?
Rigidly defined areas of doubt and uncertainty
• Static type checking, type safety, memory saf...
It hurts because it's true
C# was originally called SafeC
C# throws developers into the “Pit of Success”:
• Eliminate unimportant dangerous features ...
C/C++ defects inapplicable to C#:
• Local read before assignment
• C# rejects programs that use uninitialized locals
• Uni...
C/C++ defects inapplicable to C#:
• Failure to consistently check error return codes
• C# uses exceptions
• Accidental sig...
C/C++ defects inapplicable to C#:
• sizeof mistakes
• C#’s sizeof operator only takes types
• Unintentional switch fall-th...
Of course the compiler is not perfect…
Defects common to C/C++ and C#
• Copy paste mistakes
• Expression contains variables but always has the same result
• You ...
Day one training at Coverity
Developer Adoption is Key
• Soundness is explicitly a non-goal
• We don’t want to find all defects or even most defects
• ...
Developer psychology WRT analysis tools
• Egotistical
• I don’t need this tool for my code
• But my coworkers on the other...
Developer psychology WRT analysis tools
• Skeptical, conservative, dismissive
• Resistant to change
• Quick to criticize “...
Developer psychology WRT analysis tools
• “Busy” with, you know, “real work”
• Code annotations are unacceptable
• Analysi...
Developer psychology WRT analysis tools
• Any change in what defects are reported on the same code
over time – a.k.a. “chu...
Developer psychology WRT analysis tools
• Responds well to perverse incentives
• Hard-to-understand defect reports are eas...
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
bool isFrob = (type != null) &&
typeo...
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
Assuming type is null.
type != null e...
Management psychology
• The first time static analysis runs there may be thousands
of errors; typical rate is one defect p...
Management psychology
• Management actually pays for the developer tools
• And typically has no idea how to use them effec...
Worse is better; better is worse
[Chart: KnownDefects vs. Time]
No tool improvements == Management gets bonus
Tool upgrades find more d...
Good news
If you have a well-engineered product that:
• makes good use of theoretical and pragmatic approaches,
• finds re...
Conclusion
Special thanks to Scott at BasicInstructions.net
Conclusion
• Theoretical static analysis techniques are awesome; we can
and do use them in industry…
• … but doing all tha...
More information
• Learn about Coverity at www.Coverity.com
• Read “A Few Billion Lines Of Code Later”
• Find me on Twitte...
Copyright 2013 Coverity, Inc.

Error reporting psychology
Complex operator + (Complex x, Complex y) { ...
User-defined operator must be declared static and public
• This is an example of a prescriptive error done right
• The user absolutely positively has to do this to overload an operator
• Odds that they were not trying to overload an operator are low
