I am Dave Jing Tian, an Assistant Professor in the Department of Computer Science at Purdue University working on system security. My research involves embedded systems, operating systems, and trusted computing. All opinions are my own.
All blogs on this website are licensed under a Creative Commons Attribution 4.0 International License.
Category Archives: Static Code Analysis
We have recently been trying to find a tool that can detect concurrency issues. For this topic, generally, I believe in 3 steps: 1. CPR (capacity, performance, redundancy) testing, 2. Static code analysis, 3. Dynamic code analysis. CPR testing … Continue reading
We have already had a long discussion and argument about the ‘include’ mechanism in C/C++, whether it is good or bad, and that is not my intention here. I am writing this post to show a confusing compiler error we have recently … Continue reading
cccmt is used to parse the METRICS.errors.xml generated by cov-analyze of Coverity to produce a Code Complexity Metrics (CCM) report of different functions. SAX is used to parse the XML file instead of DOM as the XML file may be very … Continue reading
Recently we encountered a serious bug like the code below: the destructor deletes a member pointer that was never initialized. At first, we assumed the UNINIT checker could help figure it out as we do not see any difference … Continue reading
This post shows a potential bug in printing unsigned long long, which cost David, Leo and me a few days of debugging. One product got segv on cPSB lab – a platform based on MontaVista Linux and PowerPC CPU. Back … Continue reading
A recent software bug, which uses an uninitialized structure member, caused serious data damage on our customer’s side. This post gives a practical comparison of several static code analysis tools for this specific bug among popular commercial … Continue reading