Static analysis has had very little to show for C, because the language is fundamentally hostile to it. Dynamic mitigations have been much more effective.
This Tweet was deleted by the Tweet author. Learn more
Conversation
This Tweet was deleted by the Tweet author. Learn more
This Tweet was deleted by the Tweet author. Learn more
Has to do with the style of code as well as the libraries you link to. The use of unbounded structures and imprecisely tracked memory objects adds to that mix
In order for static analysis to be useful, code has to be written to allow for deep analysis
1
Compare bugs found with ASan/UBSan/TSan + testing / fuzzing vs. static analysis. Static analysis barely finds anything. It also tends to have lots of false positives, which are harmful, and encourage making changes to the code which can and often does lead to introducing bugs.
2
2
"Static analysis has found a few bugs in SQLite, but those are the exceptions. More bugs have been introduced into SQLite while trying to get it to compile without warnings than have been found by static analysis."
1
1
It's like that for Linux kernel as well. There are classes of bugs that defy casual static analysis and you have to basically make your own runtime correctness checking tools (lockdep etc)
1
1
This Tweet was deleted by the Tweet author. Learn more
Choosing safe architectures and tools is obviously part of good design. Those design choices made before starting to write any code for the implementation are some of the most important. Static analysis can be quite helpful, but depends a lot on the language making it work well.
Static analysis doesn't work well for C, due to the lack of memory safety and very weak type system. It's very difficult to accurately analyze. It loses far more of the intent behind the design than a safer language and/or one with features for writing more structured code.
1
This Tweet was deleted by the Tweet author. Learn more
Show replies