
doi: 10.1109/ms.2006.114
Programmers usually employ static checkers, it checks our programs for errors without executing them, in a process called static code analysis. In this way, it works with a program that has an initial indication of correctness (because it compiles) and try to avoid well-known traps and pitfalls before measuring it against its specifications (when it's tested). We use FindBugs, a popular open source static code checker for Java. Static code checkers in Java come in two flavors: those that work directly on the program source code and those that work on the compiled bytecode. Although each code checker works in its own way, most share some basic traits. They read the program and construct some model of it, a kind of abstract representation that they can use for matching the error patterns they recognize. They also perform some kind of data-flow analysis, trying to infer the possible values that variables might have at certain points in the program. Data-flow analysis is especially important for vulnerability checking, an increasingly important area for code checkers
| selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 94 | |
| popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Top 1% | |
| influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Top 1% | |
| impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Average |
