Developer psychology WRT analysis tools
• Responds well to perverse incentives
• Hard-to-understand defect reports are easy to ignore
• No downside to incorrectly triaging true positives as false positives
• Finding defects is hard; presenting evidence that prevents
incorrect classification as a false positive is harder
• Deep analysis with theorem provers can be worse than shallow
analysis with cheap heuristics.
• Presenting the result is insufficient; the developer must understand
the proof to fix the defect.