Episode 59: Static Code Analysis

This episode is a discussion with Jonathan Aldrich (Assistant
Professor at CMU) about static analysis. The discussion covered
theory as well as practice and tools. We started with an
explanation of what static analysis actually is, which kinds of
errors it can find and how it is different from testing and
reviews. The core challenge of such an analysis tool is to
understand the semantics of the program and reduce its possible
state space to make it analysable - in effect reconstructing the
programmer's intent from the code. The user can "help" the tool
with this challenge by using suitable annotations; also, languages
could do a better job of being analysable. The conceptual
discussion was concluded by looking at the principles of static
analysis (termination, soundness. precision) and how this approach
relates to model analysis. The second more practical part started
out with a discussion of how Microsoft successfully uses static
analysis in their Windows development. We then discussed some of
the tools available; these include Findbugs, Coverity, Codesonar,
Clockwork, Fortify, Polyspace and Codesurfer. To conclude the
discussion of tools, we discussed the commonalities and differences
with architecture visualization tools as well as metrics and
heuristics. Part three of the discussion briefly looked at how to
introduce static analysis tools into an organization's development
process and tool chain. We concluded the discussion by looking at
situations where static analysis does not work, as well as at the
FLUID research project at CMU.