False positives Are Considered Enemies, But Can They Be Your Friends?


When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. In this post, I’ll discuss how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help. I’ll end with insight into how issues that are false positives can still be true indicators that the code needs to change.

First let's take a look at what "false positive" means. Two questions shape the definition. First, is there a real issue in the code? Second, does the rule report an issue in the code? Combining them gives us a 2x2 matrix:

                        Issue reported        Issue not reported
  Real issue present    True positive         False negative
  No real issue         False positive        True negative

Why are there false positives?

There are several kinds of rules that rely on different analysis techniques. It therefore comes as no surprise that there are different reasons for false positives.

One important distinction is whether the rule needs to compute semantic properties of your program (for instance: Can this string be empty? Is it possible for a call to function b to happen before a call to function a? ...), or whether it only needs to rely on syntactic properties (Is the program using goto? Does this switch handle all possible values of an enum? ...). Let's look at the impact this difference has.

Rice’s theorem

Rice’s theorem says that any non-trivial semantic property of a program is undecidable. A very well-known special case of this theorem is the halting problem, which was proven impossible to solve by Alan Turing. There is no way to write a rule that can detect, given the source code of another program, whether this other program will stop or run indefinitely.

Fortunately, these results don't mean that static analysis is doomed to fail. There are heuristics that work reasonably well in many useful cases. It's just not possible to write something that will work in all cases. Rules that rely on semantic properties will always be subject to false positives.
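To make the syntactic-versus-semantic distinction concrete, here is an added example (not code from the original post, and not any real analyzer's implementation) in Python, using the standard `ast` module. It implements two toy rules over constructed sample programs: a syntactic rule that flags bare `except:` clauses, which is exact because it only inspects the syntax tree, and a semantic rule in the spirit of "can function b be called before function a?" that explores the branches of `if` statements without understanding their conditions. The function names `a` and `b`, the rule names and the sample programs are assumptions made for the illustration; the second sample shows the semantic rule producing a false positive exactly because deciding whether the two conditions are correlated is the kind of semantic property Rice's theorem says cannot be decided in general.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Issue:
    rule: str
    line: int
    message: str


# --- Syntactic rule (analogue of "does the program use goto?") -----------------
# Only the shape of the syntax tree matters, so this rule has no false positives:
# a bare `except:` either is or is not present.
def bare_except_rule(tree: ast.AST) -> list[Issue]:
    issues = []
    for node in ast.walk(tree):
        if isinstance(node, ast.ExceptHandler) and node.type is None:
            issues.append(Issue("bare-except", node.lineno,
                                "bare 'except:' swallows every exception"))
    return issues


# --- Semantic rule (analogue of "can b() be called before a()?") ---------------
def _call_name(stmt: ast.stmt) -> str | None:
    """Return the callee name of a plain `name()` expression statement, else None."""
    if (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
            and isinstance(stmt.value.func, ast.Name)):
        return stmt.value.func.id
    return None


def _explore(stmts: list[ast.stmt], a_called: bool, issues: list[Issue]) -> set[bool]:
    """Walk statements, tracking whether a() has been called on each path.

    Every `if` forks the path set over both branches. The branch condition is
    ignored (that is the heuristic): the rule cannot tell that two `if flag:`
    tests always agree, so it explores infeasible paths too.
    Returns the set of possible `a_called` values after the statements.
    """
    states = {a_called}
    for stmt in stmts:
        if isinstance(stmt, ast.If):
            new_states: set[bool] = set()
            for state in states:
                new_states |= _explore(stmt.body, state, issues)
                new_states |= _explore(stmt.orelse, state, issues)
            states = new_states
        else:
            callee = _call_name(stmt)
            if callee == "a":
                states = {True}          # a() has now been called on every path
            elif callee == "b" and False in states:
                issues.append(Issue("a-before-b", stmt.lineno,
                                    "b() may be called before a()"))
    return states


def a_before_b_rule(tree: ast.AST) -> list[Issue]:
    issues: list[Issue] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            _explore(node.body, False, issues)
    return issues


def analyze(source: str) -> list[Issue]:
    tree = ast.parse(source)
    return bare_except_rule(tree) + a_before_b_rule(tree)


# --- Constructed sample programs (not taken from any real code base) ----------
TRUE_POSITIVE = '''
def setup_then_use():
    b()      # real bug: b() runs before a() on every path
    a()
'''

FALSE_POSITIVE = '''
def guarded(flag):
    if flag:
        a()
    if flag:
        b()  # b() only ever runs after a(), but the rule cannot see the correlation
'''

SYNTACTIC = '''
try:
    risky()
except:
    pass
'''

if __name__ == "__main__":
    for label, src in [("true positive", TRUE_POSITIVE),
                       ("false positive", FALSE_POSITIVE),
                       ("syntactic", SYNTACTIC)]:
        print(label, analyze(src))
```

Running the block reports one `a-before-b` issue for each of the first two samples: in the first it is a true positive, in the second a false positive caused by the rule treating the two `if flag:` tests as independent. The bare `except:` finding in the third sample cannot be a false positive in the same sense, because the rule only asks a syntactic question. Making the semantic rule precise would require reasoning about the value of `flag`, which is where the undecidability discussed above sets in; in practice analyzers add further heuristics (path-condition tracking, for example) that shrink the false-positive set but can never eliminate it.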
