The Computer Is Your Friend!
rzwitserloot posted in programming on May 3rd, 2006
Here’s an interesting story: the X Window System has a critical security bug. It is interesting because of the way it was found: an automated code analyser noticed that some parentheses weren’t correctly formatted. The red flag generated by this automated analyser led to the discovery of this bug.
Needless to say, it would be even nicer if such a code analyser ran as you type your code, instead of being applied as an afterthought like this. In effect this is a lot like Eclipse’s Java warnings, especially if you throw in an extended set such as Argus Code Watch.
The vast majority of automated tests that currently exist or should be possible to write depend in no small part on the analysable information in a code fragment. For obvious reasons, dynamic languages tend to have far fewer practically analysable elements in any given line of code. One man’s kludge is, apparently, another man’s critical security vulnerability.
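An added illustration, not code from the original post or from X: it assumes the flagged construct was a function named without its call parentheses, and shows how such a line still compiles while turning a privilege check into a no-op. The stub functions, the uid 1000 and the `allowed_*` names are constructed for the example.

```c
#include <stdio.h>

/* Stand-ins for getuid()/geteuid() so every case runs without privileges. */
typedef unsigned (*id_fn)(void);
static unsigned id_root(void) { return 0; }
static unsigned id_user(void) { return 1000; }   /* constructed sample uid */

/* Intended rule: allow a sensitive option when the real user is root, or
 * when the process is not running with root's effective uid. */
int allowed_fixed(id_fn get_uid, id_fn get_euid)
{
    return get_uid() == 0 || get_euid() != 0;
}

/* The same line with the call parentheses dropped from get_euid. It still
 * compiles: the function's address is compared with 0, which is true for
 * any valid function, so the check lets everyone through. */
int allowed_buggy(id_fn get_uid, id_fn get_euid)
{
    return get_uid() == 0 || get_euid != 0;   /* BUG: address, not result */
}

int main(void)
{
    struct { const char *who; id_fn uid, euid; } cases[] = {
        { "root running it directly", id_root, id_root },
        { "user, binary not setuid",  id_user, id_user },
        { "user, binary setuid root", id_user, id_root },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s fixed=%d buggy=%d\n", cases[i].who,
               allowed_fixed(cases[i].uid, cases[i].euid),
               allowed_buggy(cases[i].uid, cases[i].euid));
    return 0;
}
```

Only the setuid-root case differs between the two versions, which is why ordinary testing tends to miss this kind of slip. When the function is named directly rather than passed as a pointer, GCC's `-Waddress` (part of `-Wall`) reports the always-true comparison.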
