Static code analysis, or static analysis, is a software verification activity that analyzes source code for quality and reliability. You can identify and diagnose run-time errors such as overflows, divide by zero, and illegally dereferenced pointers. You can use the metrics produced by static code analysis to measure and improve software quality. In contrast to other verification techniques, static code analysis is automated, so you can do this analysis without executing the program or developing test cases.
Basic static code analysis techniques include:
Sophisticated techniques couple static code analysis with formal methods. Formal methods apply theoretical computer science fundamentals to solve difficult problems in software, such as proving that the software will not fail with a run-time error.
The combination of static code analysis and formal methods enables you to:
This approach is comprehensive and complete, because every failure point in the code is identified as proven to fail, proven not to fail, may never execute (dead code), or unproven.
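The four verdicts above, applied to divide-by-zero checks, as an added example that is not from the original page or from Polyspace. It assumes a simple interval abstraction (each variable tracked as a range of possible values) and a constructed C-like function whose input satisfies 0 <= n <= 10; the names `Interval`, `classify_division` and `analyze` are hypothetical.

```python
from dataclasses import dataclass

INF = float("inf")

@dataclass(frozen=True)
class Interval:
    """Inclusive range [lo, hi]; lo > hi means no value can reach this point."""
    lo: float
    hi: float

    def is_empty(self):
        return self.lo > self.hi

    def shift(self, k):
        # Abstract effect of adding the constant k to the variable.
        return Interval(self.lo + k, self.hi + k)

    def assume(self, lo=-INF, hi=INF):
        # Abstract effect of a branch condition: keep only values in [lo, hi].
        return Interval(max(self.lo, lo), min(self.hi, hi))

def classify_division(divisor):
    """Verdict for a divide-by-zero check, given every value the divisor may take."""
    if divisor.is_empty():
        return "dead code"
    if divisor.lo == 0 and divisor.hi == 0:
        return "proven to fail"
    if divisor.lo > 0 or divisor.hi < 0:
        return "proven not to fail"
    return "unproven"

def analyze(n):
    """Check each division in a constructed C-like function with input n."""
    return {
        "100 / (n + 1)": classify_division(n.shift(1)),
        "100 / (n - 5)": classify_division(n.shift(-5)),
        "100 / n": classify_division(n),
        "if (n > 0) 100 / n": classify_division(n.assume(lo=1)),
        "if (n > 10) 100 / n": classify_division(n.assume(lo=11)),
        "k = 0; 100 / k": classify_division(Interval(0, 0)),
    }

if __name__ == "__main__":
    # Constructed assumption: the caller guarantees 0 <= n <= 10.
    for check, verdict in analyze(Interval(0, 10)).items():
        print(f"{check:22} {verdict}")
```

The guarded division is proven safe while the unguarded one stays unproven, so an unproven verdict marks where a missing check or a tighter input contract is needed.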
For details, see Polyspace® products.
See also: Static analysis with Polyspace products; verification, validation, and test; embedded systems; abstract interpretation; code review; cyclomatic complexity; formal methods; software metrics; software QA; software quality objectives; source code analysis; static code analysis; static code analysis videos