Static Code Analysis

Improve code quality without code execution

Static code analysis, or static analysis, is a software verification activity that analyzes source code for quality and reliability. You can identify and diagnose run-time errors such as overflows, divide by zero, and illegally dereferenced pointers and then use the metrics produced by static code analysis to measure and improve software quality. In contrast to other verification techniques, static code analysis is automated, which means you can do this analysis without executing the program or developing test cases.

Basic static code analysis techniques include:

  • Generating code quality metrics, such as counting the number of lines of code, determining comment density, and assessing code complexity
  • Verifying compliance with coding standards such as MISRA-C/C++ or JSF++ (Joint Strike Fighter Air Vehicle C++)

Sophisticated techniques couple static code analysis with formal methods. Formal methods apply theoretical computer science fundamentals to solve difficult problems in software, such as proving that the software will not fail with a run-time error.

The combination of static code analysis and formal methods enables you to:

This approach is comprehensive and complete, because every failure point in the code is identified as proven to fail, proven not to fail, may never execute (dead code), or unproven.
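
The four-way classification can be illustrated with a toy interval analysis that checks each division for a zero divisor without running the program. This is an added example, not code from the original page and not a description of how Polyspace is implemented; the sample program, the assumed input range for `n`, and the names `SAMPLE`, `ev`, `run` and `analyze` are all constructed for illustration.

```python
import ast

# Constructed toy program (Python syntax); input `n` is assumed to lie in [0, 10].
SAMPLE = """\
a = n + 1
q1 = 100 / a
q2 = 100 / n
if a < 0:
    q3 = 100 / n
zero = 0
q4 = 100 / zero
"""

def ev(node, env, out, live):
    """Return the (lo, hi) interval of an expression, recording every division check."""
    if isinstance(node, ast.Constant):
        return (node.value, node.value)
    if isinstance(node, ast.Name):
        return env[node.id]
    l, r = ev(node.left, env, out, live), ev(node.right, env, out, live)
    if isinstance(node.op, ast.Add):
        return (l[0] + r[0], l[1] + r[1])
    if isinstance(node.op, ast.Div):
        verdict = ("dead code" if not live else
                   "proven to fail" if r == (0, 0) else
                   "proven not to fail" if r[0] > 0 or r[1] < 0 else
                   "unproven")  # divisor range contains 0 and other values
        out.append((node.lineno, verdict))
        return (float("-inf"), float("inf"))  # quotient range left unbounded
    raise NotImplementedError(ast.dump(node))

def run(stmts, env, out, live=True):
    """Interpret assignments and `name < constant` branches over intervals."""
    for s in stmts:
        if isinstance(s, ast.Assign):
            env[s.targets[0].id] = ev(s.value, env, out, live)
        elif isinstance(s, ast.If):
            lo, _ = ev(s.test.left, env, out, live)
            taken = live and lo < s.test.comparators[0].value
            body_env = dict(env)
            run(s.body, body_env, out, taken)
            for k, v in (body_env.items() if taken else ()):
                old = env.get(k, v)  # join branch state into the fall-through state
                env[k] = (min(old[0], v[0]), max(old[1], v[1]))

def analyze(source, inputs):
    out = []
    run(ast.parse(source).body, dict(inputs), out)
    return out
```

Calling `analyze(SAMPLE, {"n": (0, 10)})` returns one `(line, verdict)` pair per division. The "unproven" verdict on line 3 reflects that `n` may or may not be zero, which is the case a reviewer has to resolve by hand or by tightening the input range.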

For details, see Polyspace® products.
