-
Most modern languages quietly convert types for you: an integer becomes a float, a signed value becomes unsigned, a 32-bit number squeezes into 8 bits. The compiler is not at fault, the language permits it. These implicit casts are valid code, and they… read more …
-
Not all MISRA rules are equal. Some can be checked perfectly by any tool, others are fundamentally impossible to verify with certainty. Knowing the difference saves you from arguing with your tool and tells you when your compliance is at risk, or when… read more …
-
Coding Guidelines are always useful. If you feel differently, you are doing it wrong. In this second article on that topic, we discuss how to reduce warnings and how to take valid shortcuts in your compliance process. In the end, it isn’t so… read more …
-
Coding guidelines are always useful. If you feel differently, you are doing it wrong. In this article, I show how to significantly reduce the developer burden and make the guidelines work for you, instead of you working for them. We cover different types… read more …
-
In this article, I share a simple trick that reduces warnings in your Static Analysis tool, without compromising safety. You will learn how to inject new facts into your Static Analyzer, which can save you many hours of review work, as well as… read more …
-
After Static Analysis has found a bug, it must make assumptions about how to continue the analysis. In this article, we learn about a common “filtering effect” and the pitfalls around it. At the end of this article, you will not only understand… read more …
-
Have you ever wished that you could find every bug in your software, fix each of them, and have a perfect piece of software? This article explains how this is possible with Formal Methods, why you might already use them without knowing it,… read more …
-
GenAI will not replace Static Analysis. Yes, GenAI can understand code in any language, and also knows about unsafe programming patterns. But it is not reliable enough to reason about bugs in your code, just like humans. Instead, it has other strengths that… read more …
-
Defensive coding improves software quality, but it has downsides. In this article we discuss why it fits well together with Static Analysis, and how both make each other stronger. The result is more robust software, and less warnings from your Static Analysis tool.… read more …
-
The big weakness of Static Analysis is, that it can throw needless warnings, even if our software is “perfect”. In this article, we learn why Static Analysis must do that, why it can be wiser to change your code instead of managing warnings,… read more …
