When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. In this post, I’ll discuss how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help. I’ll end with insight into how issues that are false positives can still be true indicators that the code needs to change.

First let’s take a look at what “false positive” means. There are two questions that shape the definition. First, is there a real issue in the code? Second, is an issue detected in the code? Combining them gives us a 2x2 Cartesian matrix:

Why are there false positives?

There are several kinds of rules, and they rely on different analysis techniques. It therefore comes as no surprise that there are different reasons for false positives.

One important distinction is whether the rule needs to compute semantic properties of your program (for instance: Can this string be empty? Is it possible for a call to function b to happen before a call to function a? …) or whether it only needs to rely on syntactic properties (Is the program using goto? Does this switch handle all possible values of an enum? …). Let’s look at the impact this difference has.

Rice’s theorem

Rice’s theorem says that any non-trivial semantic property of a program is undecidable. A very well-known special case of this theorem is the halting problem, which Alan Turing proved impossible to solve. There is no way to write a rule that can detect, given the source code of another program, whether that program will stop or run indefinitely.

Fortunately, these results don’t mean that static analysis is doomed to fail. There are heuristics that work reasonably well in many useful cases; it’s just not possible to write something that works in all cases. Rules that rely on semantic properties will therefore always be subject to false positives.
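To make the syntactic/semantic distinction concrete, here is a toy analyzer I added for this post (it is not code from the original article or from any real analyzer). The syntactic rule below is exact, while the semantic rule ("b() must never be called before a()") over-approximates control flow by ignoring branch conditions, so it reports an infeasible path as a violation: a false positive of exactly the kind Rice's theorem guarantees. The function names a and b, the bare-except rule standing in for the goto example, and the three sample programs are all constructed for illustration.

```python
# Added example, not from the original post: a syntactic rule (exact) next to a
# semantic rule (over-approximated control flow) that produces a false positive.
# Names a/b and the sample programs below are constructed for illustration.
import ast

def uses_bare_except(src: str) -> bool:
    """Syntactic rule: decided by inspecting the tree alone, so never a false positive."""
    return any(isinstance(n, ast.ExceptHandler) and n.type is None
               for n in ast.walk(ast.parse(src)))

def _called(stmt: ast.stmt):
    # Name of the function invoked by a bare call statement such as `b()`, else None.
    if (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
            and isinstance(stmt.value.func, ast.Name)):
        return stmt.value.func.id
    return None

def _walk(stmts, states):
    # states: set of (b_pending, violated). Both sides of an `if` are joined by
    # union and the condition is ignored, so infeasible paths are kept.
    for s in stmts:
        if isinstance(s, ast.If):
            states = _walk(s.body, states) | _walk(s.orelse, states)
            continue
        name = _called(s)
        if name == "b":
            states = {(True, v) for _, v in states}
        elif name == "a":
            states = {(False, v or p) for p, v in states}
    return states

def b_before_a(src: str) -> bool:
    """Semantic rule: True if any path the analyzer keeps calls b() before a()."""
    tree = ast.parse(src)
    return any(v for fn in tree.body if isinstance(fn, ast.FunctionDef)
               for _, v in _walk(fn.body, {(False, False)}))

# Constructed inputs: a real violation, a safe if/else, and an infeasible path.
TRUE_POSITIVE = "def f():\n    b()\n    a()\n"
BRANCH_SAFE = "def f(x):\n    if x:\n        b()\n    else:\n        a()\n"
# b() precedes a() only when n > 0 and n <= 0 both hold, which never happens;
# the analyzer cannot know that, so it reports a false positive here.
INFEASIBLE = "def f(n):\n    if n > 0:\n        b()\n    if n <= 0:\n        a()\n"
```

Running `b_before_a` over the three samples gives True, False, True: the last result is the false positive, and closing it would require the analyzer to reason about the arithmetic in the conditions, which does not generalize.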


False positives Are Considered Enemies, But Can They Be Your Friends?