So if industrial static analysis tools aren't sound, which means they produce false negatives (ie. they can pass programs with logical errors they're meant to detect), how do you use them to assure code quality?
Same way you use anything. Testing isn't perfect, yet it is still useful. Fuzzing isn't perfect, yet it is still useful. Unsound static analysis techniques aren't perfect, yet they are still useful.
The alternative is that your abstract interpretation is pinning to Top very quickly and then throwing false positives everywhere.
You can't assure code quality, you can only use them to make you code is a bit better because you fixed issues found by the tool and asymptotically approach ideal code and lower the probability there are serious errors. AKA better than nothing.
The alternative is that your abstract interpretation is pinning to Top very quickly and then throwing false positives everywhere.