Accelerating the pace of engineering and science
Static Code Analysis |
Improve code quality without code execution
Static code analysis (also known as static analysis) is a software verification activity in which source code is analyzed for quality and reliability. This analysis enables software developers and testers to identify and diagnose run-time errors such as overflows, divide by zero, and illegally dereferenced pointers. Metrics produced by static code analysis provide a means by which software quality can be measured and improved. In contrast to other verification techniques, static code analysis is automated, and can therefore be done without executing the program or developing test cases.
Basic static code analysis techniques include:
- Generating code quality metrics, such as counting the number of lines of code, determining comment density, and assessing code complexity
- Verifying compliance to code standards such as MISRA-C/C++ or JSF++ (Joint Strike Fighter Air Vehicle C++)
Sophisticated techniques couple static code analysis with formal methods. Formal methods apply theoretical computer science fundamentals to solve difficult problems in software, such as proving that the software will not fail with a run-time error.
The combination of static code analysis and formal methods enables developers to:
This approach is comprehensive and complete, because every failure point in the code is identified as proven to fail, proven not to fail, may never execute (dead code), or unproven.
Polyspace products are an example of the class of static code analysis tools that utilize formal methods. They perform static code analysis to detect run-time errors and prove the absence of certain run-time errors in C/C++ and Ada source code. The products also produce code quality metrics and check source code for compliance to code standards such as MISRA-C/C++ and JSF++.
Examples and How To
- Eliminating Critical Software Errors in Embedded Code Using Static Code Analysis (Webinar)
- Proving the Absence of Run-Time Errors 3:44 (Video)
Software Reference
- Polyspace Client for C/C++ (Product)
- Polyspace Client for Ada (Product)
See also: Polyspace code verification products, verification, validation, and test, embedded systems
