The author explains the static program analysis methodology at the fundamental level through the halting problem. Static analysis from this viewpoint is an attempt to predict the program behavior and therefore to solve the halting problem for particular cases. The author uses an example of determining register signs in a sample program written in a simple machine language to show how static analysis fulfills this task. At the end of the article, there is a set of exercises to involve the readers into further improving the author's algorithm and thus acquire a better understanding of its principles.
Static analysis is a valuable methodology of bug fixing, but, as the article author claims, it offers important challenges to developers. These challenges relate more to psychological and social aspects of human behavior rather than technical issues. It means that programmers in a company which is going to use static analysis will tend to resist the changes caused by accepting a new practice and discipline implied by use of a static analysis tool. Flash Sheridan describes methods to avoid these issues or reduce their impact (such as allowing external specialists to carry out administration and configuration of integrating static analysis; get developers focused on quality instead of providing stable metrics and smooth running of the tool; etc.), ways to make usage of a tool more effective (prioritizing defects and ignoring obsolete code fragments), and also gives tips on some technical aspects of handling a static analyzer (symbol highlighting, defect tracking systems).
In one of his earlier posts the author told about the App Varifier tool that allows programmers to find various bugs by stressing memory and therefore causing the program to crash if there are errors of memory allocation and release. In this post the author describes two issues occurring on 64-bit Windows that make it difficult to use the crashing method, as the system either cannot track these crashes, or ignores them at all. The reasons and workaround are explained.
Mike Wall concentrates upon the aspect of optimizing and boosting performance of code during porting. Starting with an explanation of AMD64 architecture's advantages, the author discusses several methods of increasing code's performance including use of compiler switches, intrinsic functions, assembly and many more. In addition he also describes advantages of using CodeAnalyst tool when optimizing the code. In the article you will find some useful examples of code.
In his post, Bruce Dawson explains what technique he and his Valve team use to find and fix 64 bits related pointer truncation bugs. A code sample is taken as an example.
In this short post, the author tells us about his experience of using two static analysis tools each of which provides its own technique - Address Sanitizer (ASan) and Clang Static Analyzer.
The article explains the differences between 32-bit and 64-bit systems from the viewpoint of the entire system structure consisting of three components or levels: CPU, operating system and applications. The basic principles of architectural arrangement are explained, and the common questions about 32-bit and 64-bit systems are addressed.
The post focuses on the false idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis bringing out the point of the latter and its role in development. He agrees that static analyzers are necessary tools, but they are intended for detecting a "narrow band of code-related defects".
In his article John Carmack explains why static code analysis is especially crucial to large projects that are intended to be shipped to public and shares his experience of using various static analyzers such as Coverity, Microsoft /analyze, PVS-Studio and PC-Lint. He discusses strong and weak points of each tool and gives some recommendations for developers about which tool to choose.
This short post gives you some tips about how to choose a static analysis tool for your projects. Following these tips will help you to maximize your choice.