Comments on: My Programming Lessons – #2 – Be Paranoid About Your Code

By: Amit

Amit — Mon, 30 Apr 2007 06:28:48 +0000

No, I wasn’t aware of it :) Nice touch by the WordPress people (I also fixed up your comment).

Luckily, I also have the Akismet plugin which filters spam, so you don’t see any crap here.

Static analysis can only go so far, I believe. Imagine a program that is supposed to run for a week non-stop and there’s a bug found 3 days after the place in the program where it originated. It is not related to static correctness, but to a logical mistake.

Dynamic analysis is great. I love Insure++ (http://www.parasoft.com/jsp/products/home.jsp?product=Insure) and Purify (http://www-306.ibm.com/software/awdtools/purify/) but these tools change your program’s behavior in the sense that they change program timing so you might not encounter the bugs if they are related to race conditions.

Another things is that these tools emit so many “possible bugs” it’s sometimes hard to distinguish real problems from non-issues. I usually use them when I see some kind of corruption (e.g. memory overrun), which is a classis case where these tools help.

By: Ariel Cohen

Ariel Cohen — Mon, 30 Apr 2007 02:04:07 +0000

Are you aware of this: “Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.”?

By: Ariel Cohen

Ariel Cohen — Mon, 30 Apr 2007 02:03:18 +0000

What about static/dynamic analyzers?

By: rom

rom — Sun, 29 Apr 2007 06:59:45 +0000

Great post. I’d also add that usually these sanity checks cost nothing, i mean NOTHING with regard to performance. Do not save those nanoseconds unless you REALLY REALLY REALLY have too. In other words “We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil.” (from http://en.wikipedia.org/wiki/Code_Complete)