Static code analysis is the process of analyzing source code without executing a program. Unlike testing or dynamic analysis, the process of performing static analysis is interpreted differently among software engineers. This has led to several misconceptions regarding the role that static analysis plays in the software development process and the benefits it brings to code verification. However, because static analysis is becoming ubiquitous in many high-integrity development processes, the static analysis team will debunk some of the major misconceptions that we have heard from customers. These include statements such as, “I do not need static analysis because I do sufficient testing,” or, “Static analysis is only necessary if you are trying to meet certification objectives,” or even, “It is just an extra step to calculate a few metrics for quality.” We will share how static analysis tools, particularly Polyspace® products, can complement your development process. Using advanced formal methods, Polyspace products provide a complete solution for static code analysis, from enforcing coding rules and identifying bugs, to measuring code quality under all possible run-time conditions.
