On Mon, Jul 15, 2013 at 9:55 AM, Piren <gpi...@gmail.com> wrote: > I agree with pretty much with everything you said, but: > > -Since this is Android Developers, we can probably agree that current static > analysis tools for android are not that helpful for the vast majority of > applications... I did not try to imply it is worthless for everyone :) > > - I also didnt imply that static analysis is supposed to test UI, these are > a whole different set of tools as both of us agree. But static analysis can > be used to figure out if the UI model works with the codebehind it has. I'm > not looking for correctness of intended used, but the correctness of the > implemented code, with relation to its attached UI. This is exactly what > google are doing little by little with LINT. > > - My last paragraph meant exactly what you said... Since the code does not > have the proper summaries (as the OP mentioned), static analysis tools would > still need to parse the source just to tell whether a returned value will > actually return. If anything, if an SA tool would rely on google apis, there > would probably be quite a bit of mistakes due to the fact some of the > documentation is just wrong. > > In short - SA is very cool, but not very useful currently for the average > android developer :)
Great! I just wanted to alleviate the aversion to using static analysis for anything, as many people do. Just a small (hopefully not too tangential comment) from your last paragraph. Static analysis API summaries are almost never generated from documentation for exactly this reason: people very often find the documentation is plain wrong when doing analysis. Generally people will write annotations for static analyzers using a mix of different ad hoc techniques (there is, of course, some work that aims to fix this, but it's not production ready). In particular, while documentation works for some things (e.g., what should be called when, etc...), it can't usually specify finer grained things needed to make analysis work (e.g., nearly every analysis for java relies on a points-to graph, which is never written down in documentation). There are, at this time, some (rumored to be) production ready tools for Android: previous attempts mostly take Java SA and shoehorn it on to the Android API: - http://www.juliasoft.com/ - https://dexter.bluebox.com/ I can't vouch for either very thoroughly, but given the amount of funding pushed by various organizations, I feel confident more will pop up in the future. Kris -- -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
