Thank you all for your good responses.

So, to be even more practical about it, let's turn from the "infinitely good" static and dynamic tools and look at what the current state-of-the-art is: Assume I use the C programming language since I guess that has one of the most comprehensive / well developed tool sets available.

I go out and buy all existing static tools for C (still a little theoretical that I don't have a budget constraint, especially these days :-) ) and I run them all on my large real-world application. Of all bugs filed against my application, how many will I find by running all the static tools? 5%, 10%, 25%? (I haven't yet checked the book reference Bob gave me - thanks!). We assume here that I didn't run the tools before releasing my product - then the answer would be 0%, I guess :-)

Thanks again,
- Henrik