Skip to main content
View All Resources

Tit for Tat: How (Not) to Bully a Static Analysis Tool with Andreas Gaiser & Dr. Daniel Simon

Abstract: Are you mistreating your static analysis tool? Modern static analysis tools are able to spot a large number of critical runtime defects (e.g. overflows or divisions by zero). However, they may report false positives, which result in a manual review or rework of the code. We show examples of coding patterns that can make the life of a static analysis tool complicated and might cause an increase in false positives - and also what to do to help the tool. As an example from practice, we take a look at the implementation of a message-passing primitive and check how well it can be analyzed. The aim: make life easier for the analysis tool – and you.

About the Speakers: Andreas Gaiser obtained his Ph.D. in computer science from TU Munich, doing research in program analysis and formal verification. In 2013 he joined Axivion GmbH – now Qt Group – where he leads the developer team working on semantic analyses and architecture verification. Dr. Daniel Simon studied computer science at Saarland University and the University of Stuttgart. He started working on the research project that lead to the founding of Axivion in 2000 and after a short break during which he consulted various companies on quality management, he took over responsibility for the company’s Professional Services in 2014. Thanks to his extensive experience in architecture management of IT and embedded software systems and his excellent communication skills, he and his team support Qt Quality Assurance customers in implementing and evolving sustainable software development. Their activities cover both technology advances as well as improvement of development processes.

Oh, here is more

Podcast: Speed vs. Functional Safety in Automotive Software Development: Are OEMs Solving the Wrong Problem?

Podcast: Speed vs. Functional Safety in Automotive Software Development: Are OEMs Solving the Wrong Problem?

Speed vs. Functional Safety in Automotive Software Development: Are OEMs Solving the Wrong Problem? ...

Watch Video
Webinar: What’s Next in Test Automation? Practical Insights from Richard Bradshaw

Webinar: What’s Next in Test Automation? Practical Insights from Richard Bradshaw

What's Next in Test Automation: Practical Insights with Richard Bradshaw Join Richard Bradshaw (The ...

Watch Video
Taint Analysis: Closing the Gaps Before Attackers Find Them

Taint Analysis: Closing the Gaps Before Attackers Find Them

How Taint Analysis Helps Secure Applications: Data flow tracking explained with CWE examples Insecur...

Watch Video
Learn How to Use Automation Strategy Canvas from Richard Bradshaw — Watch the Free Tutorial (No Sign Up)

Learn How to Use Automation Strategy Canvas from Richard Bradshaw — Watch the Free Tutorial (No Sign Up)

Join Richard Bradshaw, the strong voice of Automated Testing, in this free tutorial and learn how to...

Watch Video