The Psychology
of C# Analysis
Eric Lippert
C# Analysis Architect
Coverity
Intro
• Psychological factors in language design…
• … and compiler error messages…
• … and static analysis tools…
• … and funny pictures of cats.
Who is this guy?
• Compiler developer / language designer at Microsoft from
1996 through 2012
• Visual Basic, VBScript, JScript, VS Tools for Office, C# / Roslyn
• Static analysis architect for C# at Coverity since January
• I will use “we” totally inconsistently
• I have no formal background in static analysis
• I take an engineering rather than academic approach
This guy is you, not me
Body
The business case for C#
• Productive, successful professional developers who target
Microsoft platforms make those platforms more attractive
to Microsoft’s customers
• Original design goal was “a simple, modern, general-
purpose language”
• Any language with an 800 page specification is no longer
simple, but modern and general-purpose still apply
• Understanding developer psychology is key to achieving
wide adoption of any developer tool
Target C# Developer Characteristics
• Professionals, not amateurs
• Engineers, not hackers
• Programming experts, not line-of-business experts
• Pragmatists, not academics
• Skeptics, not true believers
• Conservatives, not radicals
Conservatism
• C# developers hate breaking changes imposed by tools
• Even trivial breaking changes are agonized over
• In 11 years and 6 releases C# has never added a new
reserved keyword
• New keywords are contextual so as to not be breaking
• This imposes considerable restrictions on new syntaxes
• For example, consider iterator blocks:
double yield = 123.4;
yield return yield;
Conservatism
• C# app developers also hate breaking their users
• Facilitating versionable components was a pri 1 design goal
• Numerous seemingly-counterintuitive features actually mitigate
brittle-base-class failures:
class Base
{
    public void M(int x) { }
}
class Derived : Base
{
    public void M(double x) { }
}
...
derived.M(123); // Base.M or Derived.M?
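The answer to the question on the slide, as an added example that is not part of the original deck: C# overload resolution prefers applicable methods declared in the most derived type, so `derived.M(123)` binds to `Derived.M(double)` even though `Base.M(int)` is an exact match. The class names are the slide's; the string return values and the library-upgrade scenario in the comments are assumptions made so the chosen overload is visible.

```csharp
using System;

// Imagine Base ships in a library the author of Derived does not control.
// Library v1 had no M; v2 (below) adds M(int) without knowing Derived exists.
class Base
{
    public string M(int x) { return "Base.M(int)"; }
}

class Derived : Base
{
    // Written against library v1, when this was the only M in scope.
    public string M(double x) { return "Derived.M(double)"; }
}

static class Program
{
    static void Main()
    {
        Derived derived = new Derived();

        // Member lookup finds both methods. Any applicable method declared in
        // Derived removes the methods declared in its base types from the
        // candidate set, and int converts implicitly to double, so the call
        // keeps binding to Derived.M(double) after the library upgrade.
        Console.WriteLine(derived.M(123));

        // Through a Base-typed reference only Base's members are visible,
        // so the same argument binds to Base.M(int).
        Base asBase = derived;
        Console.WriteLine(asBase.M(123));
    }
}
```

Adding a method to a base class therefore cannot silently redirect calls that a derived class already handles, which is the brittle-base-class mitigation the slide refers to.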
Conservatism
C# 4.0 added dynamic dispatch to facilitate interoperability
with dynamic languages and “legacy” object models
• Enormous MVP community pushback
• I will use this feature correctly but my coworkers are
going to abuse it and then I’m going to have to fix their
god-awful hacked-up code
• Anything that makes the compiler less capable of finding
bugs is met with skepticism and resistance
• Completely redesigned based on early feedback
Error reporting psychology
FAIL
Error reporting psychology
• Dealing with correct code is literally the smallest problem
• “Roslyn” does syntactic analysis of broken code in the time
between keystrokes; semantic analysis takes a little longer
• Error messages need to be understandable, accurate, polite
and diagnostic rather than prescriptive
• Let’s take a look at some examples
Error reporting psychology
A params parameter must be the last
parameter in a formal parameter list
Is this saying:
• If there is a params parameter, it must be the last one? or
• The last parameter and only the last parameter must
always be a params parameter? Or
• The last parameter must be a params parameter; if others
are as well, that’s fine too?
The error is only clear if the feature is already understood
Error reporting psychology
Error messages must read the mind of a developer who
wrote broken code and figure out what they meant.
class C
{
    public virtual static void M(){}
}
Error reporting psychology
Complex operator + (Complex x, Complex y) { ...
User-defined operator must be declared static and public
• This is an example of a prescriptive error done right
• The user absolutely positively has to do this to overload an operator
• Odds that they were not trying to overload an operator are low
Warnings are harder than errors
• Must infer developer's erroneous thoughts
• Compiler must be fast
• This makes an opportunity for third-party tools
• Must be plausibly wrong
• A warning for code that no one would reasonably type is unhelpful
• Must be able to eliminate warning
• And ideally the warning should tell you how
• Must have low false positive rate
• Encouraging developers to change correct code is harmful
• We will return to this point later
What do C# developers want?
Rigidly defined areas of doubt and uncertainty
• Static type checking, type safety, memory safety…
• … that can be disabled if necessary.
• A compiler that infers developer intent…
• … with predictable behavior and understandable rules
• Actionable errors when inference fails…
• …rather than muddling on through and getting it wrong
It hurts because it's true
C# was originally called SafeC
C# throws developers into the “Pit of Success”:
• Eliminate unimportant dangerous features entirely
• switch fall through
• Restrict dangerous features to clearly-marked unsafe code regions
• Eliminate implementation-defined behaviours
• x = ++x + x++; is well-defined in C# …
• …but still a bad idea.
• Define common undefined behaviours
• Accessing an array out of bounds causes an exception
• Mandate compiler warnings
There are numerous defects that the Coverity C/C++ analysis checkers
detect which are impossible, unlikely, or already warnings in C#.
Let’s look at a few dozen. Quickly. These are all defects found by Coverity
in C/C++ that are not worth checking in C#…
C/C++ defects inapplicable to C#:
• Local read before assignment
• C# rejects programs that use uninitialized locals
• Uninitialized fields / arrays
• Fields and arrays are automatically zeroed out
• Treating a pointer to a variable as a pointer to an array
• Rare, must be marked as unsafe
• Buffer length arithmetic errors
• Strings and arrays know their lengths; checked at runtime
• Pointer/integer/char/bool/enum type errors
• Not inter-assignable in C# without explicit cast operators
C/C++ defects inapplicable to C#:
• Failure to consistently check error return codes
• C# uses exceptions
• Accidental sign extension
• Either error or warning
• Implementation-defined side effect order
• Side effect order is well-defined
• Statement with no effect
• is actually a parse time error in C#
• Accidental use of ambiguous names
• C# requires that a simple name have a unique meaning in a block
C/C++ defects inapplicable to C#:
• sizeof mistakes
• C#’s sizeof operator only takes types
• Unintentional switch fall-through
• Is an error
• Unreachable code
• Is a warning
• Accidental assignment or comparison of variable to itself
• Yep, that’s a warning too
• Field never written or never read
• Man that’s a lot of warnings
• Missing return statement
• Is illegal
• malloc without free / free without malloc / allocator – deallocator mismatch / use after free
• Not needed in a garbage-collected language
• Dereferencing an address that lived longer than the storage it refers to
• References to variables may not be stored in long-term storage
• Accidental use of function pointer
• Method group expressions can only be used in strictly limited locations
• Overriding errors
• The language was designed to mitigate brittle base class failures by default
Of course the compiler is not perfect…
Defects common to C/C++ and C#
• Copy paste mistakes
• Expression contains variables but always
has the same result
• You checked for null here, you dereferenced
without checking there.
• Some infinite loops
• Dangling else and other indentation issues
• Array index out of bounds
• Integer overflow
• checked arithmetic is off by default
• Non-memory resource leaks
• Such as forgetting to close a file
• Stray semicolons
• Swapped arguments
• Unused return value
• Uncaught exception
• Missing or misordered critical sections
• Including non-atomic operations
inconsistently inside critical sections
• And many more!
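One consequence of "checked arithmetic is off by default", as an added example that is not from the original deck: a size computation of 2^20 records times 2^12 bytes wraps to 0 and passes a limit check, while the same computation in a `checked` expression throws and is rejected. The limit, method names and inputs are constructed for illustration, and the default compiler setting (no `-checked` option) is assumed.

```csharp
using System;

static class QuotaCheck
{
    // Constructed limit for the example: 64 MiB.
    const int MaxBytes = 64 * 1024 * 1024;

    // Default context: int multiplication wraps silently on overflow,
    // so a huge request can produce a small (or zero) total.
    static bool FitsQuotaUnchecked(int count, int recordSize)
    {
        int total = count * recordSize;
        return total >= 0 && total <= MaxBytes;
    }

    // checked(...) makes the same multiplication throw OverflowException,
    // which is treated as "does not fit".
    static bool FitsQuotaChecked(int count, int recordSize)
    {
        try
        {
            int total = checked(count * recordSize);
            return total >= 0 && total <= MaxBytes;
        }
        catch (OverflowException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed inputs: 2^20 records of 2^12 bytes = 2^32 bytes,
        // which does not fit in a 32-bit int.
        int count = 1 << 20;
        int recordSize = 1 << 12;

        Console.WriteLine("unchecked accepts request: " +
            FitsQuotaUnchecked(count, recordSize));
        Console.WriteLine("checked accepts request:   " +
            FitsQuotaChecked(count, recordSize));
    }
}
```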
And these are just a few that are
common to C and C#; there are
a whole host of defects specific
to C# programs that we could
find statically.
Let’s consider the psychological
aspects of static analysis tools
beyond the compiler.
Day one training at Coverity
Developer Adoption is Key
• Soundness is explicitly a non-goal
• We don’t want to find all defects or even most defects
• We want every defect reported to be a customer-affecting bug
• Developers won’t adopt a product that they perceive as making
their jobs harder for no customer benefit
• Our business model requires adoption to drive renewals
• How do developers – who, remember, are using C# because they
like a statically-typed language – react to static analysis tools?
Developer psychology WRT analysis tools
• Egotistical
• I don’t need this tool for my code
• But my coworkers on the other hand…
• Clever management uses this trait to advantage
Developer psychology WRT analysis tools
• Skeptical, conservative, dismissive
• Resistant to change
• Quick to criticize “stupid” false positives
• The first five defects they see had better be true positives
Developer psychology WRT analysis tools
• “Busy” with, you know, “real work”
• Code annotations are unacceptable
• Analysis tool must adapt to customer’s build process
• Overnight analysis runs are acceptable – barely
Developer psychology WRT analysis tools
• Any change in what defects are reported on the same code
over time – a.k.a. “churn” – is the enemy
• Randomized analysis is right out, unfortunately
• Any improvement to our analysis heuristics can cause
unwanted churn
• We try to keep churn below 5% on every release
Developer psychology WRT analysis tools
• Responds well to perverse incentives
• Hard-to-understand defect reports are easy to ignore
• No downside to incorrectly triaging true positives as false positives
• Finding defects is hard; presenting evidence that prevents
incorrect classification as a false positive is harder
• Deep analysis with theorem provers can be worse than shallow
analysis with cheap heuristics.
• Presenting the result is insufficient; the developer must understand
the proof to fix the defect.
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
    bool isFrob = (type != null) &&
        typeof(IFrob).IsAssignableFrom(type);
    object instance = this.objects[this.name];
    if (instance is IFrob && includeFrobs)
    { [...] }
    else if (type.IsAssignableFrom(instance.GetType()))
    { [...] }
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
    // Assuming type is null.
    // type != null evaluated to false.
    bool isFrob = (type != null) &&
        typeof(IFrob).IsAssignableFrom(type);
    object instance = this.objects[this.name];
    // instance is IFrob evaluated to true.
    // includeFrobs evaluated to false.
    if (instance is IFrob && includeFrobs)
    { [...] }
    // Dereference after null check:
    // dereferencing type while it is null.
    else if (type.IsAssignableFrom(instance.GetType()))
    { [...] }
Management psychology
• The first time static analysis runs there may be thousands
of errors; typical rate is one defect per thousand LOC
• Academic answer: rank heuristics
• Pragmatic answer: ignore them all
• Simply ignore all defects in existing code
• Triage and fix defects in new code
• “Someday” get around to fixing defects in old code
• Why is this so popular?
• Old code is in the field. It works well enough. Risk is low.
• New code is unproven. It might work, or it might not. Risk is high.
Management psychology
• Management actually pays for the developer tools
• And typically has no idea how to use them effectively
• Middle management has perverse incentives too
• Time, cost and complexity are easily measured; quality is not
• “Never upgrade the static analysis tool before release”
• Worse tools are better; better tools are worse
Worse is better; better is worse
[Graph: known defects over time] No tool improvements == Management gets bonus
[Graph: known defects over time] Tool upgrades find more defects == Management gets no bonus
The fix rate is the same in these two graphs but if the tool improves faster than the fix rate, no bonus.
Good news
If you have a well-engineered product that:
• makes good use of theoretical and pragmatic approaches,
• finds real-world, user-affecting defects, and
• takes developer and management psychology into account
Then you can make a positive difference
Conclusion
Special thanks to Scott at BasicInstructions.net
Conclusion
• Theoretical static analysis techniques are awesome; we can
and do use them in industry…
• … but doing all that math is actually only one small part of shipping
a static analysis product
• Understanding developer and management psychology is
necessary to ensure adoption of any developer tools
• C# was carefully designed to match a target developer mindset
• Coverity thinks about developer and manager psychology at every
stage in the analysis and overall product design
• Research into better ways to present defects would be awesome
More information
• Learn about Coverity at www.Coverity.com
• Read “A Few Billion Lines Of Code Later”
• Find me on Twitter at @ericlippert
• Or read my C# blog at www.EricLippert.com
• Or ask me about C# at www.StackOverflow.com
Copyright 2013 Coverity, Inc.

The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 

Último (20)

2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024AI Workshops at Computers In Libraries 2024
AI Workshops at Computers In Libraries 2024
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 

The Psychology of C# Analysis

  • 1. The Psychology of C# Analysis Eric Lippert C# Analysis Architect Coverity
  • 4. Intro • Psychological factors in language design… • … and compiler error messages… • … and static analysis tools… • … and funny pictures of cats.
  • 5. Who is this guy? • Compiler developer / language designer at Microsoft from 1996 through 2012 • Visual Basic, VBScript, JScript, VS Tools for Office, C# / Roslyn • Static analysis architect for C# at Coverity since January • I will use “we” totally inconsistently • I have no formal background in static analysis • I take an engineering rather than academic approach
  • 6. This guy is you, not me
  • 10. The business case for C# • Productive, successful professional developers who target Microsoft platforms make those platforms more attractive to Microsoft’s customers • Original design goal was “a simple, modern, general-purpose language” • Any language with an 800 page specification is no longer simple, but modern and general-purpose still apply • Understanding developer psychology is key to achieving wide adoption of any developer tool
  • 11. Target C# Developer Characteristics • Professionals, not amateurs • Engineers, not hackers • Programming experts, not line-of-business experts • Pragmatists, not academics • Skeptics, not true believers • Conservatives, not radicals
  • 13. Conservatism • C# developers hate breaking changes imposed by tools • Even trivial breaking changes are agonized over • In 11 years and 6 releases C# has never added a new reserved keyword • New keywords are contextual so as to not be breaking • This imposes considerable restrictions on new syntaxes • For example, consider iterator blocks:
        double yield = 123.4;
        yield return yield;
  • 14. Conservatism • C# app developers also hate breaking their users • Facilitating versionable components was a pri 1 design goal • Numerous seemingly-counterintuitive features actually mitigate brittle-base-class failures:
        class Base { public void M(int x) { } }
        class Derived : Base { public void M(double x) { } }
        ...
        derived.M(123); // Base.M or Derived.M?
  • 16. Conservatism • C# 4.0 added dynamic dispatch to facilitate interoperability with dynamic languages and “legacy” object models • Enormous MVP community pushback • I will use this feature correctly but my coworkers are going to abuse it and then I’m going to have to fix their god-awful hacked-up code • Anything that makes the compiler less capable of finding bugs is met with skepticism and resistance • Completely redesigned based on early feedback
  • 18. Error reporting psychology • Dealing with correct code is literally the smallest problem • “Roslyn” does syntactic analysis of broken code in the time between keystrokes; semantic analysis takes a little longer • Error messages need to be understandable, accurate, polite and diagnostic rather than prescriptive • Let’s take a look at some examples
  • 20. Error reporting psychology • “A params parameter must be the last parameter in a formal parameter list” • Is this saying: • If there is a params parameter, it must be the last one? or • The last parameter and only the last parameter must always be a params parameter? or • The last parameter must be a params parameter; if others are as well, that’s fine too? • The error is only clear if the feature is already understood
  • 21. Error reporting psychology • Error messages must read the mind of a developer who wrote broken code and figure out what they meant.
        class C { public virtual static void M(){} }
  • 23. Error reporting psychology
        Complex operator + (Complex x, Complex y) { ...
    Error message: User-defined operator must be declared static and public • This is an example of a prescriptive error done right • The user absolutely positively has to do this to overload an operator • Odds that they were not trying to overload an operator are low
  • 24. Warnings are harder than errors
  • 25. Warnings are harder than errors • Must infer developer’s erroneous thoughts • Compiler must be fast • This makes an opportunity for third-party tools • Must be plausibly wrong • A warning for code that no one would reasonably type is unhelpful • Must be able to eliminate warning • And ideally the warning should tell you how • Must have low false positive rate • Encouraging developers to change correct code is harmful • We will return to this point later
  • 26. What do C# developers want? Rigidly defined areas of doubt and uncertainty • Static type checking, type safety, memory safety… • … that can be disabled if necessary. • A compiler that infers developer intent… • … with predictable behavior and understandable rules • Actionable errors when inference fails… • …rather than muddling on through and getting it wrong
  • 27. It hurts because it’s true
  • 28. C# was originally called SafeC C# throws developers into the “Pit of Success”: • Eliminate unimportant dangerous features entirely • switch fall through • Restrict dangerous features to clearly-marked unsafe code regions • Eliminate implementation-defined behaviours • x = ++x + x++; is well-defined in C# … • …but still a bad idea. • Define common undefined behaviours • Accessing an array out of bounds causes an exception • Mandate compiler warnings There are numerous defects that the Coverity C/C++ analysis checkers detect which are impossible, unlikely, or already warnings in C#. Let’s look at a few dozen. Quickly. These are all defects found by Coverity in C/C++ that are not worth checking in C#…
  • 29. C/C++ defects inapplicable to C#: • Local read before assignment • C# rejects programs that use uninitialized locals • Uninitialized fields / arrays • Fields and arrays are automatically zeroed out • Treating a pointer to a variable as a pointer to an array • Rare, must be marked as unsafe • Buffer length arithmetic errors • Strings and arrays know their lengths; checked at runtime • Pointer/integer/char/bool/enum type errors • Not inter-assignable in C# without explicit cast operators
  • 30. C/C++ defects inapplicable to C#: • Failure to consistently check error return codes • C# uses exceptions • Accidental sign extension • Either error or warning • Implementation-defined side effect order • Side effect order is well-defined • Statement with no effect • is actually a parse time error in C# • Accidental use of ambiguous names • C# requires that a simple name have a unique meaning in a block
  • 31. C/C++ defects inapplicable to C#: • sizeof mistakes • C#’s sizeof operator only takes types • Unintentional switch fall-through • Is an error • Unreachable code • Is a warning • Accidental assignment or comparison of variable to itself • Yep, that’s a warning too • Field never written or never read • Man that’s a lot of warnings • Missing return statement • Is illegal • malloc without free / free without malloc / allocator – deallocator mismatch / use after free • Not needed in a garbage-collected language • Dereferencing an address that lived longer than the storage it refers to • References to variables may not be stored in long-term storage • Accidental use of function pointer • Method group expressions can only be used in strictly limited locations • Overriding errors • The language was designed to mitigate brittle base class failures by default
  • 32. Of course the compiler is not perfect…
  • 33. Defects common to C/C++ and C# • Copy paste mistakes • Expression contains variables but always has the same result • You checked for null here, you dereferenced without checking there. • Some infinite loops • Dangling else and other indentation issues • Array index out of bounds • Integer overflow • checked arithmetic is off by default • Non-memory resource leaks • Such as forgetting to close a file • Stray semicolons • Swapped arguments • Unused return value • Uncaught exception • Missing or misordered critical sections • Including non-atomic operations inconsistently inside critical sections • And many more! And these are just a few that are common to C and C#; there are a whole host of defects specific to C# programs that we could find statically. Let’s consider the psychological aspects of static analysis tools beyond the compiler.
  • 34. Day one training at Coverity
  • 35. Developer Adoption is Key • Soundness is explicitly a non-goal • We don’t want to find all defects or even most defects • We want every defect reported to be a customer-affecting bug • Developers won’t adopt a product that they perceive as making their jobs harder for no customer benefit • Our business model requires adoption to drive renewals • How do developers – who, remember, are using C# because they like a statically-typed language – react to static analysis tools?
  • 36. Developer psychology WRT analysis tools
  • 37. Developer psychology WRT analysis tools • Egotistical • I don’t need this tool for my code • But my coworkers on the other hand… • Clever management uses this trait to advantage
  • 38. Developer psychology WRT analysis tools
  • 39. Developer psychology WRT analysis tools • Skeptical, conservative, dismissive • Resistant to change • Quick to criticize “stupid” false positives • The first five defects they see had better be true positives
  • 40. Developer psychology WRT analysis tools
  • 41. Developer psychology WRT analysis tools • “Busy” with, you know, “real work” • Code annotations are unacceptable • Analysis tool must adapt to customer’s build process • Overnight analysis runs are acceptable – barely
  • 42. Developer psychology WRT analysis tools
  • 43. Developer psychology WRT analysis tools • Any change in what defects are reported on the same code over time – a.k.a. “churn” – is the enemy • Randomized analysis is right out, unfortunately • Any improvement to our analysis heuristics can cause unwanted churn • We try to keep churn below 5% on every release
  • 44. Developer psychology WRT analysis tools
  • 45. Developer psychology WRT analysis tools • Responds well to perverse incentives • Hard-to-understand defect reports are easy to ignore • No downside to incorrectly triaging true positives as false positives • Finding defects is hard; presenting evidence that prevents incorrect classification as a false positive is harder • Deep analysis with theorem provers can be worse than shallow analysis with cheap heuristics. • Presenting the result is insufficient; the developer must understand the proof to fix the defect.
  • 47. Displaying good defect messages
        public void GetThing(Type type, bool includeFrobs) {
          bool isFrob = (type != null) && typeof(IFrob).IsAssignableFrom(type);
          object instance = this.objects[this.name];
          if (instance is IFrob && includeFrobs) { [...] }
          else if (type.IsAssignableFrom(instance.GetType())) { [...] }
        }
  • 48. Displaying good defect messages
        public void GetThing(Type type, bool includeFrobs) {
      Assuming type is null. type != null evaluated to false.
          bool isFrob = (type != null) && typeof(IFrob).IsAssignableFrom(type);
          object instance = this.objects[this.name];
      instance is IFrob evaluated to true. includeFrobs evaluated to false.
          if (instance is IFrob && includeFrobs) { [...] }
      Dereference after null check: dereferencing type while it is null.
          else if (type.IsAssignableFrom(instance.GetType())) { [...] }
        }
  • 50. Management psychology • The first time static analysis runs there may be thousands of errors; typical rate is one defect per thousand LOC • Academic answer: rank heuristics • Pragmatic answer: ignore them all • Simply ignore all defects in existing code • Triage and fix defects in new code • “Someday” get around to fixing defects in old code • Why is this so popular? • Old code is in the field. It works well enough. Risk is low. • New code is unproven. It might work, or it might not. Risk is high.
  • 52. Management psychology • Management actually pays for the developer tools • And typically has no idea how to use them effectively • Middle management has perverse incentives too • Time, cost and complexity are easily measured; quality is not • “Never upgrade the static analysis tool before release” • Worse tools are better; better tools are worse
  • 53. Worse is better; better is worse • [Graph: known defects over time] • No tool improvements == Management gets bonus
  • 54. Worse is better; better is worse • [Graphs: known defects over time] • No tool improvements == Management gets bonus • Tool upgrades find more defects == Management gets no bonus • The fix rate is the same in these two graphs but if the tool improves faster than the fix rate, no bonus.
  • 55. Good news If you have a well-engineered product that: • makes good use of theoretical and pragmatic approaches, • finds real-world, user-affecting defects, and • takes developer and management psychology into account Then you can make a positive difference
  • 57. Special thanks to Scott at BasicInstructions.net
  • 59. Conclusion • Theoretical static analysis techniques are awesome; we can and do use them in industry… • … but doing all that math is actually only one small part of shipping a static analysis product • Understanding developer and management psychology is necessary to ensure adoption of any developer tools • C# was carefully designed to match a target developer mindset • Coverity thinks about developer and manager psychology at every stage in the analysis and overall product design • Research into better ways to present defects would be awesome
  • 60. More information • Learn about Coverity at www.Coverity.com • Read “A Few Billion Lines Of Code Later” • Find me on Twitter at @ericlippert • Or read my C# blog at www.EricLippert.com • Or ask me about C# at www.StackOverflow.com
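
Slide 33 lists integer overflow among the defects C# shares with C/C++ because checked arithmetic is off by default. The following is an added example, not code from the slides: a size check that accepts a wrapped product in unchecked arithmetic and rejects it under `checked`. `MaxBytes`, the method names and the inputs are hypothetical and constructed for illustration.

```csharp
using System;

static class LengthCheckDemo
{
    // Hypothetical cap on a single allocation, chosen for this example.
    const int MaxBytes = 1 << 20;

    // Unchecked arithmetic (the C# default): the product wraps modulo 2^32,
    // so an oversized request can yield a small positive total that passes the cap.
    static bool AcceptsUnchecked(int count, int itemSize)
    {
        if (count < 0 || itemSize < 0) return false;
        int total = unchecked(count * itemSize);
        return total >= 0 && total <= MaxBytes;
    }

    // checked arithmetic: same expression, but overflow raises OverflowException,
    // which is treated here as a rejected request.
    static bool AcceptsChecked(int count, int itemSize)
    {
        if (count < 0 || itemSize < 0) return false;
        try
        {
            int total = checked(count * itemSize);
            return total <= MaxBytes;
        }
        catch (OverflowException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed inputs: (count, itemSize) pairs.
        var cases = new (int Count, int ItemSize)[]
        {
            (1024, 16),       // 16 KiB, legitimately within the cap
            (0x40000001, 4),  // true product 4,294,967,300 wraps to 4
            (0x7FFFFFFF, 2),  // wraps to -2; only the sign test catches it
        };
        foreach (var c in cases)
        {
            Console.WriteLine($"count={c.Count} itemSize={c.ItemSize} " +
                $"unchecked={AcceptsUnchecked(c.Count, c.ItemSize)} " +
                $"checked={AcceptsChecked(c.Count, c.ItemSize)}");
        }
    }
}
```

The second case is the one a reviewer should look for: the wrapped total is positive and under the cap, so nothing in the unchecked path signals that the request was oversized.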