JavaScript Plugin Finds Tricky Bugs, Thanks to Execution Flow

Over the last few months, the SonarAnalyzer for JavaScript has made major advances in bug detection. Until recently, it only caught rather simple bugs, like function calls passing extra arguments, which didn’t really need more than a correct identification of symbols. Things changed a lot when we made the analyzer aware of execution flow: in other words, it is now able to determine the precise order of execution inside a JavaScript function and detect bugs based on it.


SonarAnalyzer for Java: Tricky Bugs are Running Scared

For the past year, the SonarSource team behind the SonarAnalyzer for Java has invested most of its time in developing a Symbolic Execution engine in order to find the kind of tricky bugs that are almost uncatchable by developers unaided.

The SonarAnalyzer for Java’s new symbolic execution engine allows it to statically trace all the execution paths in a piece of code. We’ll probably do a blog post in the near future to explain all the related concepts: Program Point, Program State, Symbolic Value, Control Flow Graph, Stack of Symbolic Values, Constraints on Symbolic Values, … but for the time being let’s just see the engine in action.


The SonarQube COBOL Plugin Tracks Sneaky Bugs in Conditions

Not long ago, I wrote that COBOL is not a dead language and there are still billions of lines of COBOL code in production today. At COBOL’s inception back in 1959, the goal was to provide something close to natural language so that even business analysts could read the code. As a side effect, the language is really, really verbose. Each time a Ruby, Python or Scala developer complains about the verbosity of Java, C# or C++, he should have a look at a COBOL program to see how much worse it could be :). Moreover, since there is no concept of a local variable in COBOL, the ability to factor common pieces of code into PARAGRAPHS or SECTIONS is limited. In the end, the temptation to duplicate logic is strong. When you combine those two flaws, verbosity and duplicated logic, guess what the consequence is: it’s pretty easy in COBOL to inject bugs into conditions.


© 2008-2016, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE, SONARLINT and SONARSOURCE are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.