Tag: static analysis

Episode 494: Robert Seacord on Avoiding Defects in C Programming

Filed in Episodes by on January 12, 2022 0 Comments
Episode 494: Robert Seacord on Avoiding Defects in C Programming

Robert Seacord, author of Effective C, The CERT C Coding Standard, and Secure Coding in C and C++, discusses the top 5 security issues and the tools and techniques you can employ to write secure code in C. Host Gavin Henry spoke with Seacord about the C standards, strings, arrays of chars, null pointers, buffer […]

Continue Reading »

Episode 490: Tim McNamara on Rust 2021 Edition

Filed in Episodes by on December 15, 2021 0 Comments
Episode 490: Tim McNamara on Rust 2021 Edition

Tim McNamara, author of Rust in Action, an introduction Rust for programmers who have never used a systems programming language, discusses the top three benefits of Rust and why they make it a performant, reliable and productive programming language. Host Gavin Henry spoke with McNamara about its rich type system, ownership models, memory safety, thread […]

Continue Reading »

Episode 115: Architecture Analysis

Filed in Episodes by on October 28, 2008 7 Comments
Episode 115: Architecture Analysis

During Evolution of a software system, it becomes more and more difficult to understand the originally planned software architecture. Often an architectural degeneration happens because of various reasons during the development phases. In this session we will be looking how to avoid such architectural decay and degeneration and how continuous monitoring can improve the situation (and avoid architectural violations). In addition we will look at “refactoring in the large” and how refactoring can be simulated. A new family of “lint like tools for software architectures” is currently emerging in the marketplace I will show some examples and how they scale and support you in real world projects.

Continue Reading »

Episode 59: Static Code Analysis

Filed in Episodes by on June 16, 2007 3 Comments
Episode 59: Static Code Analysis

This episode is a discussion with Jonathan Aldrich (Assistant Professor at CMU) about static analysis. The discussion covered theory as well as practice and tools. We started with an explanation of what static analysis actually is, which kinds of errors it can find and how it is different from testing and reviews. The core challenge of such an analysis tool is to understand the semantics of the program and reduce its possible state space to make it analysable – in effect reconstructing the programmer’s intent from the code. The user can “help” the tool with this challenge by using suitable annotations; also, languages could do a better job of being analysable. The conceptual discussion was concluded by looking at the principles of static analysis (termination, soundness. precision) and how this approach relates to model analysis.

The second more practical part started out with a discussion of how Microsoft successfully uses static analysis in their Windows development. We then discussed some of the tools available; these include Findbugs, Coverity, Codesonar, Clockwork, Fortify, Polyspace and Codesurfer. To conclude the discussion of tools, we discussed the commonalities and differences with architecture visualization tools as well as metrics and heuristics.

Part three of the discussion briefly looked at how to introduce static analysis tools into an organization’s development process and tool chain. We concluded the discussion by looking at situations where static analysis does not work, as well as at the FLUID research project at CMU.

Continue Reading »