Category: General
-
Most modern languages quietly convert types for you: an integer becomes a float, a signed value becomes unsigned, a 32-bit number squeezes into 8 bits. The compiler is not at fault, the language permits it. These implicit casts are valid code, and they are also a major source of bugs. By the end of this…
-
Not all MISRA rules are equal. Some can be checked perfectly by any tool, others are fundamentally impossible to verify with certainty. Knowing the difference saves you from arguing with your tool and tells you when your compliance is at risk, or when you are making a fool of yourself. After two articles (part 1,…
-
Coding Guidelines are always useful. If you feel differently, you are doing it wrong. In this second article on that topic, we discuss how to reduce warnings and how to take valid shortcuts in your compliance process. In the end, it isn’t so bad, and you may get more safety without pulling out your hair.…
-
Coding guidelines are always useful. If you feel differently, you are doing it wrong. In this article, I show how to significantly reduce the developer burden and make the guidelines work for you, instead of you working for them. We cover different types of guidelines, common setup problems in Static Analysis tools, and explain how…
-
In this article, I share a simple trick that reduces warnings in your Static Analysis tool, without compromising safety. You will learn how to inject new facts into your Static Analyzer, which can save you many hours of review work, as well as the pitfalls that must be avoided. Static Analysis can create a lot…
-
After Static Analysis has found a bug, it must make assumptions about how to continue the analysis. In this article, we learn about a common “filtering effect” and the pitfalls around it. At the end of this article, you will not only understand why bugs can hide other bugs, but also why that is not…
-
GenAI will not replace Static Analysis. Yes, GenAI can understand code in any language, and also knows about unsafe programming patterns. But it is not reliable enough to reason about bugs in your code, just like humans. Instead, it has other strengths that make it a powerful companion for Static Analysis. In the past years,…
-
Defensive coding improves software quality, but it has downsides. In this article we discuss why it fits well together with Static Analysis, and how both make each other stronger. The result is more robust software, and less warnings from your Static Analysis tool. Defensive coding has crossed my way during my early career when I…
-
The big weakness of Static Analysis is, that it can throw needless warnings, even if our software is “perfect”. In this article, we learn why Static Analysis must do that, why it can be wiser to change your code instead of managing warnings, and some tricks to keep your sanity in the process. I often…
-
Since there is “Static” Analysis, does “Dynamic” Analysis also exist? Yes, it does. However, Static Analysis is much better suited to help writing better software. It is truly independent from human limitations, and can easily be used during early development. But Dynamic Analysis has its place, too… Let’s start with a concrete task. Assume I…
