First let’s find out something about you:
- Are NullPointerException, Classcast and Cross-site scripting part of your everyday vocabulary? Read on, you’re in the right place!
- Looking for bedbugs, beetles or fire ants instead? Sorry, we don’t find those… (yet)
A few words about us
We are a team of people working on static analysis at Julia, a young research-based company. About a year ago we were acquired by a large company, and this move of course had a massive impact on us. All of a sudden we became part of something where there are separate offices for things like sales, marketing, personnel, procurement… there are even people who will book your train ticket for you.
For us this was like landing on Mars.
Until then, for us the company WAS the technical unit. We only talked about R&D stuff. Admin consisted of taking turns googling how to fill in tax returns.
And what does this have to do with the blog?
After the acquisition, we realized that what we thought was R&D was actually mostly R. We had to admit that in the real world priorities aren’t dictated by scientific rigor alone. Sometimes resolving a “trivial” installation issue actually IS more important than cutting the false positive rate for Reflection Injections by 0.042%.
These past 18 months have been a tremendous learning curve and we are constantly balancing between The Science and The Market. Finding ways to compromise while keeping true to our underlying scientific basis has been, and still is, a bumpy ride.
Thus the blog: we wanted to create a place to share our experience and discuss some of the issues we face with other like-minded people. Being extremely niche, static analysis is not something you can really chat about with your next-door neighbor.
And finally, to be completely honest, we secretly hope to find some other total geeks who can’t wait to hear more about those 0.042% and how we achieved it…
Let’s get started
We’ll mostly be talking about the nits and grits of [sound] static analysis. We do it for Java (also for Android and .NET, but we’ll get back to that later) using abstract interpretation and we’re quite happy with how we’re getting on.
As one of our first topics, we will introduce a series based on an interview with Prof. Patrick Cousot, the originator of the technique of abstract interpretation.
Also in the pipeline: “Codemotion Debugging Challenge” to all our Java-coder-readers (a big success at Codemotion Milan last week!), the “Black Book of Real-Life Coding Errors”, and my favorite “Does your application come complete with SQL-Injection?”
And of course (you knew it was coming): Find All Bugs vs. Find Some Bugs.