The Title of the linked article might sound a bit gloomy but, the content is not. It discusses two types of issues that are generally missed or not addressed.
SNIPPETS from the Article:-
Some bugs, including race conditions, which can occur in concurrent software can't be reliably detected by testing. Ten tests wouldn't be enough. Nor would 100, or even 1,000
Concurrent applications display non-deterministic behavior. They don't always yield the same results.
Despite the capability of static analysis tools to draw concurrency bugs and serious security vulnerabilities to developers' attention during the development phase, their use is far less widespread than one might imagine. The reason isn't cost considerations but, rather, because they can often highlight an unmanageable number of possible problems — hundreds or even thousands — that must then be analyzed, prioritized and fixed (if necessary). Among them are likely a proportion, perhaps 10 percent, which are false positives.
The links below has more information:
No comments:
Post a Comment