The Psychology of C# Analysis
Eric Lippert
C# Analysis Architect
Coverity
Intro
• Psychological factors in language design…
• … and compiler error messages…
• … and static analysis tools…
• … and ...
Who is this guy?
• Compiler developer / language designer at Microsoft from
1996 through 2012
• Visual Basic, VBScript, JS...
This guy is you, not me
Body
The business case for C#
• Productive, successful professional developers who target
Microsoft platforms make those platfo...
Target C# Developer Characteristics
• Professionals, not amateurs
• Engineers, not hackers
• Programming experts, not line...
Conservatism
• C# developers hate breaking changes imposed by tools
• Even trivial breaking changes are agonized over
• In...
Conservatism
• C# app developers also hate breaking their users
• Facilitating versionable components was a pri 1 design g...
Conservatism
C# 4.0 added dynamic dispatch to facilitate interoperability
with dynamic languages and “legacy” object model...
Error reporting psychology
FAIL
Error reporting psychology
• Dealing with correct code is literally the smallest problem
• “Roslyn” does syntactic analysi...
Error reporting psychology
A params parameter must be the last
parameter in a formal parameter list
Is this saying:
• If t...
Error reporting psychology
Error messages must read the mind of a developer who
wrote broken code and figure out what they...
Error reporting psychology
Complex operator + (Complex x, Complex y) { ...
User-defined operator must be declared static a...
Warnings are harder than errors
• Must infer developer's erroneous thoughts
• Compiler must be fast
• This makes an opportu...
What do C# developers want?
Rigidly defined areas of doubt and uncertainty
• Static type checking, type safety, memory saf...
It hurts because it's true
C# was originally called SafeC
C# throws developers into the “Pit of Success”:
• Eliminate unimportant dangerous features ...
C/C++ defects inapplicable to C#:
• Local read before assignment
• C# rejects programs that use uninitialized locals
• Uni...
C/C++ defects inapplicable to C#:
• Failure to consistently check error return codes
• C# uses exceptions
• Accidental sig...
C/C++ defects inapplicable to C#:
• sizeof mistakes
• C#’s sizeof operator only takes types
• Unintentional switch fall-th...
Of course the compiler is not perfect…
Defects common to C/C++ and C#
• Copy paste mistakes
• Expression contains variables but always
has the same result
• You ...
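The first two defect classes named on this slide, as an added C# illustration (not code from the deck; `TransferRequest`, `TransferValidator` and the flag value are hypothetical). Both defective checks are legal C#, so finding them is left to review or an analysis tool.

```csharp
using System;

public sealed class TransferRequest
{
    public string SourceAccount { get; set; } = "";
    public string TargetAccount { get; set; } = "";
    public int Flags { get; set; }
}

public static class TransferValidator
{
    private const int ReadOnlyFlag = 0x4;

    // Defective: both checks are legal C# and both are wrong.
    public static bool IsValidDefective(TransferRequest r)
    {
        if (string.IsNullOrEmpty(r.SourceAccount)) return false;
        // Copy-paste mistake: duplicated line, property name never changed,
        // so an empty TargetAccount is accepted.
        if (string.IsNullOrEmpty(r.SourceAccount)) return false;
        // Contains a variable but is always false: (Flags & 0x4) is 0 or 4,
        // never 1, so read-only requests are never rejected.
        if ((r.Flags & ReadOnlyFlag) == 1) return false;
        return true;
    }

    // Corrected: each field is checked once and the flag test can succeed.
    public static bool IsValidFixed(TransferRequest r)
    {
        if (string.IsNullOrEmpty(r.SourceAccount)) return false;
        if (string.IsNullOrEmpty(r.TargetAccount)) return false;
        if ((r.Flags & ReadOnlyFlag) != 0) return false;
        return true;
    }

    public static void Main()
    {
        // Constructed input: missing target account, read-only flag set.
        var bad = new TransferRequest { SourceAccount = "A-1", Flags = ReadOnlyFlag };
        Console.WriteLine($"defective: {IsValidDefective(bad)}");
        Console.WriteLine($"fixed:     {IsValidFixed(bad)}");
    }
}
```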
Day one training at Coverity
Developer Adoption is Key
• Soundness is explicitly a non-goal
• We don’t want to find all defects or even most defects
• ...
Developer psychology WRT analysis tools
• Egotistical
• I don’t need this tool for my code
• But my coworkers on the other...
Developer psychology WRT analysis tools
• Skeptical, conservative, dismissive
• Resistant to change
• Quick to criticize “...
Developer psychology WRT analysis tools
• “Busy” with, you know, “real work”
• Code annotations are unacceptable
• Analysi...
Developer psychology WRT analysis tools
• Any change in what defects are reported on the same code
over time – a.k.a. “chu...
Developer psychology WRT analysis tools
• Responds well to perverse incentives
• Hard-to-understand defect reports are eas...
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
bool isFrob = (type != null) &&
typeo...
Displaying good defect messages
public void GetThing(Type type, bool includeFrobs)
{
Assuming type is null.
type != null e...
Management psychology
• The first time static analysis runs there may be thousands
of errors; typical rate is one defect p...
Management psychology
• Management actually pays for the developer tools
• And typically has no idea how to use them effec...
Worse is better; better is worse
[Chart: Known Defects over Time]
No tool improvements == Management gets bonus
Worse is better; better is worse
[Chart: Known Defects over Time]
No tool improvements == Management gets bonus
Tool upgrades find more d...
Good news
If you have a well-engineered product that:
• makes good use of theoretical and pragmatic approaches,
• finds re...
Conclusion
Special thanks to Scott at BasicInstructions.net
Conclusion
• Theoretical static analysis techniques are awesome; we can
and do use them in industry…
• … but doing all tha...
More information
• Learn about Coverity at www.Coverity.com
• Read “A Few Billion Lines Of Code Later”
• Find me on Twitte...
Copyright 2013 Coverity, Inc.