Q&A: 'Aha!' Moments And The Holy Grail - InformationWeek



Gwyn Fisher is chief technical officer at Klocwork, a provider of static code analysis tools. He recently spoke with Dr. Dobb's editor-in-chief Jonathan Erickson.

Dr. Dobb's: What's the hard part of static analysis?

Fisher: There's a tipping point in using a static analysis tool, and it depends on finding that "aha!" moment as quickly as possible. This might be a bug you'd never have found yourself, or it might be an architectural recommendation that slipped past you. Whatever it is, it has to happen pretty quickly.

Dr. Dobb's: As a tool builder, how do you cope with new technologies?

Fisher: It might be a technology paradigm shift, such as multicore, it might be a new standard or a new de facto adoption of a framework such as Boost--all of these form the core of what we invest in over time. Developers buy a static analysis tool because it finds bugs in their code. Anything else we do differentiates our approach from our competitors, but if we don't support their language, platform, or libraries, then the product isn't worth implementing.

Dr. Dobb's: Does parallelization make static analysis faster, better, more accurate?

Fisher: Yes indeed. Any competent analysis product can process nodes in the control flow graph that occur at the same level in the hierarchy in parallel. We provide both multicore parallelism and multimachine parallelism, both of which can be used to scale the analysis task almost linearly across hardware resources.

Dr. Dobb's: When it comes to static analysis, what's the Holy Grail?

Fisher: What we're all working hard at is trying to actually completely solve the problem of static analysis. Today's commercial tools all work in an unsound model of analysis, whereby we claim to find some bugs in your code, and we don't--and can't--claim to find all the bugs in your code, and only the bugs in your code. Any tools--mostly academic--that perform sound analysis, and therefore claim to find all bugs in your code, do so at the cost of vast false-positive numbers, upward of 80% to 90%. Obviously that's not tractable for real usage, so the Holy Grail here is a technology that not only can find all bugs, but has a 0% false-positive rate at the same time. ... But don't hold your breath.
