Tit for Tat: How (Not) to Bully a Static Analysis Tool with Andreas Gaiser & Dr. Daniel Simon
Abstract: Are you mistreating your static analysis tool? Modern static analysis tools are able to spot a large number of critical runtime defects (e.g. overflows or divisions by zero). However, they may report false positives, which result in a manual review or rework of the code. We show examples of coding patterns that can make the life of a static analysis tool complicated and might cause an increase in false positives - and also what to do to help the tool. As an example from practice, we take a look at the implementation of a message-passing primitive and check how well it can be analyzed. The aim: make life easier for the analysis tool – and you.
About the Speakers: Andreas Gaiser obtained his Ph.D. in computer science from TU Munich, doing research in program analysis and formal verification. In 2013 he joined Axivion GmbH – now Qt Group – where he leads the developer team working on semantic analyses and architecture verification. Dr. Daniel Simon studied computer science at Saarland University and the University of Stuttgart. He started working on the research project that lead to the founding of Axivion in 2000 and after a short break during which he consulted various companies on quality management, he took over responsibility for the company’s Professional Services in 2014. Thanks to his extensive experience in architecture management of IT and embedded software systems and his excellent communication skills, he and his team support Qt Quality Assurance customers in implementing and evolving sustainable software development. Their activities cover both technology advances as well as improvement of development processes.
.webp)
