Category: General


  • Adding a static analyzer to your coding agent’s loop changes how the agent behaves. Besides catching bugs, it shifts the token bill, keeps the agent more focused, and reduces code bloat. By the end of this post, you will understand all three shifts, know how to design the integration that delivers…

  • A coding agent that reviews its own output carries the same blind spots into the review that produced the bugs in the first place. That is not verification: it is the same bias running twice. A static analyzer breaks that loop. It runs locally and cannot hallucinate a finding. Moving it from CI into the…

  • Most modern languages quietly convert types for you: an integer becomes a float, a signed value becomes unsigned, a 32-bit number squeezes into 8 bits. The compiler is not at fault; the language permits it. These implicit casts are valid code, and they are also a major source of bugs. By the end of this…

  • Not all MISRA rules are equal. Some can be checked perfectly by any tool; others are fundamentally impossible to verify with certainty. Knowing the difference saves you from arguing with your tool and tells you when your compliance is at risk, or when you are making a fool of yourself. After two articles (part 1,…

  • Coding Guidelines are always useful. If you feel differently, you are doing it wrong. In this second article on that topic, we discuss how to reduce warnings and how to take valid shortcuts in your compliance process. In the end, it isn’t so bad, and you may get more safety without pulling out your hair.…

  • Coding guidelines are always useful. If you feel differently, you are doing it wrong. In this article, I show how to significantly reduce the developer burden and make the guidelines work for you, instead of you working for them. We cover different types of guidelines, common setup problems in Static Analysis tools, and explain how…

  • In this article, I share a simple trick that reduces warnings in your Static Analysis tool, without compromising safety. You will learn how to inject new facts into your Static Analyzer, which can save you many hours of review work, as well as the pitfalls that must be avoided. Static Analysis can create a lot…

  • After Static Analysis has found a bug, it must make assumptions about how to continue the analysis. In this article, we learn about a common “filtering effect” and the pitfalls around it. At the end of this article, you will not only understand why bugs can hide other bugs, but also why that is not…

  • GenAI will not replace Static Analysis. Yes, GenAI can understand code in any language, and also knows about unsafe programming patterns. But it is not reliable enough to reason about bugs in your code, just like humans. Instead, it has other strengths that make it a powerful companion for Static Analysis. In the past years,…

  • Defensive coding improves software quality, but it has downsides. In this article we discuss why it fits well together with Static Analysis, and how both make each other stronger. The result is more robust software, and fewer warnings from your Static Analysis tool. Defensive coding crossed my path during my early career when I…