Source Code Analysis

Improve code quality without code execution

Source code analysis (also known as static code analysis) lets you analyze source code for quality and reliability. You can identify and diagnose run-time errors such as overflows, divide by zero, and illegally dereferenced pointers and then use the resulting metrics to measure and improve software quality. Because this analysis is automated, you can analyze code without executing the program or developing test cases.

Basic source analysis techniques include:

  • Generating code quality metrics, such as counting the number of lines of code, determining comment density, and assessing code complexity
  • Verifying compliance with code standards such as MISRA-C/C++ or JSF++ (Joint Strike Fighter Air Vehicle C++)

Sophisticated techniques couple source code analysis with formal methods that apply theoretical computer science fundamentals to solve problems such as proving that the software will not fail with a run-time error.

The combination of source code analysis and formal methods enables you to:

This comprehensive approach makes sure that every failure point in the code is identified as proven to fail, proven not to fail, may never execute (dead code), or unproven.
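To illustrate the four verdicts, the following added example (not Polyspace code and not from the original page) classifies divide-by-zero checks using an interval domain, a simple form of abstract interpretation. The C function in the docstring, the `Interval` class, and the function names are all constructed for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    """Closed integer range [lo, hi] over-approximating a variable's values."""
    lo: int
    hi: int

    def __add__(self, o):
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def __sub__(self, o):
        return Interval(self.lo - o.hi, self.hi - o.lo)

    def meet(self, o):
        """Intersection; None means no value can reach this point."""
        lo, hi = max(self.lo, o.lo), min(self.hi, o.hi)
        return Interval(lo, hi) if lo <= hi else None

def classify_division(divisor):
    """Verdict for one `n / divisor` check from the divisor's abstract value."""
    if divisor is None:
        return "dead code"
    if divisor.lo == 0 and divisor.hi == 0:
        return "proven to fail"
    if divisor.lo > 0 or divisor.hi < 0:
        return "proven not to fail"
    return "unproven"  # range contains 0 and other values

def analyze(x):
    """Checks hand-translated from this constructed C function:
        int f(int x) {                       /* x's range is the argument */
            int z = 0;
            int a = 100 / (x + 1);           /* check A */
            int b = 100 / (x - 5);           /* check B */
            if (x > 10) return 100 / x;      /* check C */
            return a + b + 100 / z;          /* check D */
        }
    """
    one, five, z = Interval(1, 1), Interval(5, 5), Interval(0, 0)
    x_in_branch = x.meet(Interval(11, 2**31 - 1))  # x refined by `x > 10`
    return {"A": classify_division(x + one),
            "B": classify_division(x - five),
            "C": classify_division(x_in_branch),
            "D": classify_division(z)}

if __name__ == "__main__":
    print(analyze(Interval(0, 10)))
```

With `x` in [0, 10], check B stays unproven because the interval [-5, 5] contains zero alongside safe values; a more precise domain or a tighter input range is what turns such checks into a proof either way.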

For details about source code analysis tools that use formal methods, see Polyspace® products.

See also: Polyspace Bug Finder, Static analysis with Polyspace products, verification, validation, and test, embedded systems, abstract interpretation, code review, cyclomatic complexity, formal methods, software metrics, software QA, software quality objectives, source code analysis, static code analysis