Tag: static analysis
Episode 494: Robert Seacord on Avoiding Defects in C Programming

Robert Seacord, author of Effective C, The CERT C Coding Standard, and Secure Coding in C and C++, discusses the top 5 security issues and the tools and techniques you can employ to write secure code in C. Host Gavin Henry spoke with Seacord about the C standards, strings, arrays of chars, null pointers, buffer […]
Episode 115: Architecture Analysis

During the evolution of a software system, it becomes more and more difficult to understand the originally planned software architecture. Often an architectural degeneration happens because of various reasons during the development phases. In this session we will be looking at how to avoid such architectural decay and degeneration and how continuous monitoring can improve the situation (and avoid architectural violations). In addition we will look at “refactoring in the large” and how refactoring can be simulated. A new family of “lint like tools for software architectures” is currently emerging in the marketplace; I will show some examples and how they scale and support you in real world projects.
Episode 59: Static Code Analysis

This episode is a discussion with Jonathan Aldrich (Assistant Professor at CMU) about static analysis. The discussion covered theory as well as practice and tools. We started with an explanation of what static analysis actually is, which kinds of errors it can find and how it is different from testing and reviews. The core challenge of such an analysis tool is to understand the semantics of the program and reduce its possible state space to make it analysable – in effect reconstructing the programmer’s intent from the code. The user can “help” the tool with this challenge by using suitable annotations; also, languages could do a better job of being analysable. The conceptual discussion was concluded by looking at the principles of static analysis (termination, soundness, precision) and how this approach relates to model analysis.
The second, more practical part started out with a discussion of how Microsoft successfully uses static analysis in their Windows development. We then discussed some of the tools available; these include FindBugs, Coverity, CodeSonar, Klocwork, Fortify, Polyspace and CodeSurfer. To conclude the discussion of tools, we discussed the commonalities and differences with architecture visualization tools as well as metrics and heuristics.
Part three of the discussion briefly looked at how to introduce static analysis tools into an organization’s development process and tool chain. We concluded the discussion by looking at situations where static analysis does not work, as well as at the FLUID research project at CMU.