http://www.klocwork.com/blog/2009/05/false-positives/?utm_source=rss&utm_medium=rss&utm_campaign=false-positives >kloctalk is a blog and a community for software development professionals who create and maintain mission-critical software and the challenges they face on a daily basis. Tue, 24 Jan 2012 14:57:13 +0000 hourly 1 http://wordpress.org/?v=3.0.4 http://www.klocwork.com/blog/2009/05/false-positives/comment-page-1/#comment-3043 Andrew Wed, 18 Aug 2010 16:48:39 +0000 http://www.klocwork.com/blog/?p=175#comment-3043 Interestingly, some organizations use "false positives" as an opportunity to flag code that should be rewritten. Modern static analysis tools are pretty sophisticated and so code that trips up the analysis can be indicative of code that is overly complex and difficult to maintain. The rocket scientists at NASA use the "Power of 10" rules, one of which states that not only should they fix problems coming from static analysis tools, but also "fix" the code so warnings/false positives go away. This process may not be for everybody, and sometimes there are real false positives which should be ignored, but the point is that false positives may be indicative of something more than a deficiency in analysis. For more on the power of 10 visit http://codeintegrity.blogspot.com/2010/08/power-of-10-for-safety-critical-code.html Interestingly, some organizations use “false positives” as an opportunity to flag code that should be rewritten. Modern static analysis tools are pretty sophisticated and so code that trips up the analysis can be indicative of code that is overly complex and difficult to maintain. The rocket scientists at NASA use the “Power of 10″ rules, one of which states that not only should they fix problems coming from static analysis tools, but also “fix” the code so warnings/false positives go away. This process may not be for everybody, and sometimes there are real false positives which should be ignored, but the point is that false positives may be indicative of something more than a deficiency in analysis. For more on the power of 10 visit http://codeintegrity.blogspot.com/2010/08/power-of-10-for-safety-critical-code.html

]]>