TalkSecure

Thinking Outside the Box

Way back in the before-time, I managed development (and developed, too) at a particular company that was top in its field at the time.

This company had a very large aging code-base. It was rapidly approaching the point where patches and fixes just weren’t quite enough. In fact, they’d hired a bunch of bright people to address exactly that problem.

As it happened, someone quite a bit brighter than I, who went on to do some great things, was trying to refactor some code. And he was having problems. It seemed that the refactored code kept running into annoying null pointer problems. This was mostly the result of bad architectural decisions — just the kind we knew needed fixing.

Our CFO, who was a CPA and not dim himself, asked me a question. Could we, he asked, write some sort of program that would look at our code, and detect where these problems would happen? Then (to him) it would be a simple matter of fixing the bugs.

My answer to him was, and I quote, “Rick, if I could do that, I’d quit today and be a millionaire by Christmas.”

Needless to say, that didn’t happen.

I explained some computational complexity theory to him. He laughed and agreed that it wouldn’t be practical. I did end up writing a program that at least went through and tried hard to find where our pesky pointers were originating, being used, and being disposed of. It was definitely not production code, and only worked because our developers were fairly disciplined in how they structured our source. It required a fair bit of hand-holding to make it run. And in the end, it would have just taken too much time to correct the problems. We never did manage the refactoring.

When I began at GrammaTech a few months ago, I had occasion to think about Rick and what I’d told him. Had I been mistaken? Could there, at that time, have been a program that could have helped us?

It turns out that Codesonar was released nearly 10 years after my conversation with Rick. So I’m safe. I didn’t lie to him. And now I work on a project that I once denied could exist. That other company? It went out of existence within 3 years after that conversation (but I was gone by then).

There’s a lesson in there somewhere, I’m sure.
