Webinar: Tit for Tat: How (not) to bully a Static Analysis Tool
Modern static analysis tools can spot a large number of critical runtime defects, such as null pointer dereferences, overflows, uses of uninitialized memory and divisions by zero, by using advanced techniques like Abstract Interpretation. Since the applied analyses necessarily overapproximate the behaviour of a program, they may also report false positives, i.e. program locations at which a reported defect never occurs at runtime, but where the analysis cannot rule out the defect with certainty. As issue reports usually induce manual review or rework of the code, it is highly desirable to keep the number of false positives small.
In this webinar we show examples of coding patterns that make the life of a static analysis tool complicated and might cause an increase in false positives. We investigate examples of numerical computations and usages of memory-related constructs that are difficult to analyze, and we look at challenging control flow constructs. As an example from practice, we take a look at the implementation of a message-passing primitive and check how well it can be analyzed. Conversely, we also point out ways to avoid the painful patterns and to make life easier for the analysis tool (and consequently, its users).
Authors: Dr. Andreas Gaiser is Senior Research and Development Engineer and Dr. Daniel Simon is Head of Professional Services at Axivion.
More information on the Axivion tools can be found here. Please do not hesitate to contact us if you would like to get a free demo or have any questions regarding our products.