Factbites
 Where results make sense
About us   |   Why use us?   |   Reviews   |   PR   |   Contact us  

Topic: Static code analysis


Related Topics
RUP

In the News (Fri 17 Nov 17)

  
 Static code analysis - Wikipedia, the free encyclopedia
Static analysis is the term applied to the analysis of computer software that is performed without actually executing programs built from that software (analysis performed on executing programs is known as dynamic analysis).
In most cases the analysis is performed on some version of the source code and in the other cases some form of the object code.
A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer system.
en.wikipedia.org /wiki/Static_code_analysis   (455 words)

  
 Encyclopedia: Static code analysis
Static code analysis is a set of methods for software source code or object code in an effort to gain understanding of what the software does.
Static analysis is a family of formal methods automatically deriving information about the behavior of software (and also hardware).
Interest in the development of static analysis especially for use on safety-critical computer systems renewed after the high profile disaster of Ariane 5 Flight 501 when a space rocket exploded shortly after launch due to computer bug surely one of the most expensive bugs in history.
www.nationmaster.com /encyclopedia/Static-code-analysis   (1477 words)

  
 Static code analysis - Encyclopedia, History, Geography and Biography   (Site not responding. Last check: 2007-11-07)
One possible application of static analysis is automated debugging aid, especially the finding of run-time errors – roughly speaking, events causing program crashes.
Briefly, program analysis — including finding possible run-time errors – is undecidable: there is no mechanical method that can always answer truthfully whether programs may or not exhibit runtime errors.
Interest in the development of static analysis tools, especially for use on safety-critical computer systems, was renewed after the high profile disaster of Ariane 5 Flight 501, when a space rocket exploded shortly after launch due to a computer bug, surely one of the most expensive of such bugs in history.
www.arikah.com /encyclopedia/Static_analysis   (427 words)

  
 Static - Wikipedia, the free encyclopedia
Static linking, where identifiers are associated with data or sections of code during linking not run-time
Static random access memory, a type of semiconductor memory which retains its contents as long as power is applied
Static code analysis is a set of methods for analyzing code without running it
en.wikipedia.org /wiki/Static   (270 words)

  
 Static code analysis   (Site not responding. Last check: 2007-11-07)
Static code analysis is a set of methods for analysing software source code or object code in an effort to gain understanding of what the software does.
static analysis by abstract interpretation approximates the behavior of the system, either from above (considering more behaviors than can happen in reality), either from below.
One common metric in static analysis is McCabes Cyclomatic Complexity Metric which measures the number of choices a function makes.
www.sciencedaily.com /encyclopedia/static_code_analysis   (487 words)

  
 April 2002 Topic   (Site not responding. Last check: 2007-11-07)
Static analysis is commonly referred to as code analysis, as the analysis is performed statically by analyzing the source code where as dynamic analysis is performed while executing the executable code, hence “dynamic analysis”.
An emerging role of code analysis is with its importance for information assurance and the building of assurance cases.
Code analysis can also be used to address design concerns, conformance to project coding/quality standards, performance issues, and maintenance issues.
www.jhuapl.edu /sigada/apr_27_topic.html   (385 words)

  
 STSC CrossTalk - Software Static Code Analysis Lessons Learned© - Nov 2003
Static analysis does not prove that the requirements the code was developed from were correct or show that the compiled code is correct.
Object code analysis demonstrates that the object code is an accurate translation of the source code and that the compiler has introduced no errors.
Static code analysis is an effective software analysis technique; hence, its use is recommended in the context of safety-critical software particularly when conducted constructively as part of the software development process.
www.stsc.hill.af.mil /crosstalk/2003/11/0311german.html   (3945 words)

  
 Object Computing, Inc. - Java News Brief - June 2004
Given that code reviews can be effective at locating software defects during development when they are most easily and inexpensively fixed, it makes sense to automate this process as much as possible.
PMD is a static source code analysis tool, meaning that it analyzes source code lexically rather than by executing it as would be done in a unit test.
PMD is similar in concept to Checkstyle, another open code analysis tool that Mark Volkmann reviewed in the November 2002 Java News Brief.
www.ociweb.com /jnb/jnbJun2004.html   (4177 words)

  
 DAC Analysis for Symbols
Static analysis for symbols is the DAC "engine" because almost all other DAC functionalities depend on it.
Static analysis, which is based on the same principles as a compiler or linker, extracts all information on symbols from the source code of the user project (functions, variables, constants, types, macros) and saves them in the symbol database.
DAC version 4.0 has the advantage that the assembler code is analyzed along with the C source code, so the usefulness of this hidden yet powerful functionality is all the greater.
www.ristancase.com /dac/v40/features/analysis_for_symbols.html   (118 words)

  
 Perspectives on automatic defect removal
Static analysis becomes your adversary when you madly code up to a deadline, then are faced with a lengthy report of potential bugs to triage and chase down.
Static analysis is your ally when it can keep you apprised of your progress as you go.
Static analysis is a very useful tool to keep handy for improving quality.
www.ibm.com /developerworks/rational/library/05/524_asa   (1404 words)

  
 Klocwork | News ~ Static Analysis All the Rage
It was a static code checker that would scan through codebases written in C looking for programming infelicities, and then it would generate appropriate error reports.
But to be fair, the compiler’s job is not to perform static code analysis to identify potential errors for the programmer; its job is to generate binary code, and to do it fast.
This analysis is based on the assumption that any data provided by a user (be it on the command line, in a dialog box or via the Web) is malicious.
www.klocwork.com /company/releases/07_01_05a.asp   (916 words)

  
 Static Analysis Tools for C Code
This tool is focused primarily on the detection of memory leaks, and not on general source code analysis.
Less than 10% of the code of PREfix is said to concern with analysis per se, most applies to the filtering and presentation of output, to reduce the number of false positives.
Astree is a static program analyzer for structured C programs, but without support for dynamic memory allocation and recursion (as used, for instance for embedded systems and in safety critical systems).
www.spinroot.com /static   (707 words)

  
 Evaluating Source Code Analysis Tools
Static analysis tools are capable of detecting potential faults in C source code prior to execution-based testing.
Faults such as unreachable code or a missing response to a valid combination of conditions might be detected by a static analysis tool.
As a result, it was reasonable to conclude that this code would have the same types and density of faults as would be found in other user applications from this domain.
home.flash.net /~kennieg/cse6324/sca.html   (3243 words)

  
 Static code analysis
Static code analysis refers to a set of methods for analysing software source code in an effort to gain understanding and to target areas for review and/or rewrite.
One of the crudest measurments, for example, is the size of code, usually expressed in kLOC's (1000 lines of code).
The text of this article is licensed under the GFDL.
www.ebroadcast.com.au /lookup/encyclopedia/st/Static_code_analysis.html   (148 words)

  
 Static code analysis - Wikipedia
Static code analysis referes to a bunch of methods for analysing software source code in an effort to gain understanding and target areas for review and/or rewrite.
One common metric in static analysis is McCabes Cyclomatic Complexity Metric which basically measure the number of choices a function makes.
Functions with a high number of conditional statements (if's, while etc.) will have a high complexity therfore can be considered more likely to contain bugs and be harder to maintain.
nostalgia.wikipedia.org /wiki/Static_code_analysis   (169 words)

  
 Lecture 14 - COMP2100/2500 - DCS - ANU   (Site not responding. Last check: 2007-11-07)
Describe the process of code reviews and the benefits to be gained from including them in the software development process.
Static analysis only checks what people think the code will do against what they think it should do.
The setup code establishes the invariant and ensures the variant is not negative.
cs.anu.edu.au /students/comp2100/lec-static.html   (1183 words)

  
 Jtest promotes good Java hygiene | InfoWorld | Review | 2003-12-12 | By Rick Grehan
The former is more properly called static analysis and involves examining your code for errors in syntax, style, standard, and usage, and other characteristics.
Static analysis is driven by Jtest's library of rules, of which there are two general kinds: those that apply to specific Java constructs (such as EJBs or servlets) and those that apply to generic Java code (such as metrics or formatting).
Jtest examines your code’s generated class file, and – from the information it gathers – performs global static analysis to catch “soft errors” and poor coding practices, such as class fields that are never accessed.
www.infoworld.com /infoworld/article/03/12/12/49TCjtest_1.html?s=tc   (1620 words)

  
 Independent Design Analyses Approach Vs. Static Code Analysis
Static code analysis can identify unreachable code, infinite loops, initialization errors, code complexity, and output variable ranges that could generate a logic problem.
Most of the static analysis techniques use an intermediate language interpreter that translates the computer language written by the programmer into a language used by the analysis tool.
After the software code is translated into the intermediate language or IL, the IL is processed and reports are generated.
www.ida-inc.com /staticanalysis.html   (424 words)

  
 AdamU's WebLog : Static Code Analysis
I discovered several things that make me believe that measuring how much code we've written (along the lines of TSP or PSP) and some of the other properties of the code base can help me assess the state of the project.
Our dev team was averaging 1500 LOC per week for 9 weeks, and this last week, the number of files and code actualy decreased slightly.
According to the numbers I saw, our maximum complexity was 97 in the dev code base, and 52 on test.
blogs.msdn.com /adamu/archive/2005/07/26/443734.aspx   (258 words)

  
 Smart Software: Static Analysis
Static execution through multiple paths in a flowgraph locating infinite loops, dead code, condition violations, and exception-only code paths based on the dynamic types and values of variables.
However, since static analysis is not my main focus, it’s not a strategy I will invest in.
I'm looking for a static analysis tool that can tell me all possible exceptions for an object's method call, constructor, etc. I would also like details on the code-path that generates the exception and not have specific ties to a specific framework version (so I could run an analysis of App X against.NET 1.1).
wesnerm.blogs.com /net_undocumented/2005/11/static_analysis.html   (1330 words)

  
 SYNtacTICS, a tool for Automatic Error Prevention
TICS is a sophisticated tool for the automatic verification of coding standards that exploits the latest in compiler technology to provide high rule coverage and high performance.
A quality database tracks all violations issued from each code analysis, and allows QA managers to monitor via Intranet the quality of the system as a whole and compare quality between modules.
Code beautification can solve on a typical project more than 90% of the violations that occur.
www.synspace.com /EN/Services/syntactics.html   (715 words)

  
 Static Source Code Analysis FAQs / What is dynamic analysis   (Site not responding. Last check: 2007-11-07)
The objective of dynamic analysis is to reduce debugging time by automatically pinpointing and explaining errors as they occur.
The use of dynamic analysis tools can reduce the need for the developer to recreate the precise conditions under which an error occurs.
Identifying problems at the source code level with static source code analysis can further reduce the time and expense of other debugging tactics by allowing developers to identify and eradicate problems at the source code level, prior to compiling.
www.cleanscape.net /programming-solutions/code-analysis/lintfaq/what-dynamic-analysis.html   (210 words)

  
 Automated Error Prevention
Coding standards are language-specific 'rules' that significantly reduce the chance for developers to introduce errors.
Coding standards do not uncover existing problems, rather they actually prevent errors from occurring.
During development, coding standards help engineers produce high-quality code and understand and use the code of their colleagues.
www.synspace.com /EN/Services/tcc.html   (511 words)

  
 Analysis - Wikipedia, the free encyclopedia
An analysis is a critical evaluation, usually made by breaking a subject (either material or intellectual) down into its constituent parts, then describing the parts and their relationship to the whole.
aura analysis - study of bodily auras and energy fields
This is a disambiguation page: a list of articles associated with the same title.
en.wikipedia.org /wiki/Analysis   (177 words)

  
 Flawfinder Home Page
Practical Code Auditing by Lurene Grenier (December 13, 2002) briefly discusses simple approaches that can be performed for manual auditing (she works on the OpenBSD project).
There are a vast number of static analysis tools that check for style or for possible errors, which might happen to catch security problems.
Static analysis tools are unlikely to catch all problems in practice; they're best complemented with other approaches.
www.dwheeler.com /flawfinder   (3247 words)

  
 IntelliJ IDEA :: Code Inspection - easily detect and navigate to different inconsistencies and low-grade locations in ...
As a result of a powerful data flow analysis, IntelliJ IDEA will find such «suspicious» places in implementation code that might lead to problems such as a never executed if statement (when, for example, its condition is always false), possible NullPointerException, etc.
All common syntax errors, as well as all other errors that would be detected during compilation, are highlighted in the source code so you do not need to compile your code in order to find all your mistakes.
If any deprecated code is used in any class or interface, IntelliJ IDEA will recognize it and highlight the corresponding statements directly in the editor.
www.jetbrains.com /idea/features/code_inspection.html   (956 words)

  
 Coding Horror: Managed Code Analysis Tools
That's where static code analysis tools come in handy; they're akin to software tricorders.
There's an element of "correctness" associated with static code analysis, but I think this should be de-emphasized.
The most famous static code analysis tool for.NET is, of course, Microsoft's FxCop.
www.codinghorror.com /blog/archives/000381.html   (647 words)

  
 Coverity Selected In Department of Homeland Security Software Initiative | Linux Gazette
Its static analysis methods provide 100% path coverage and uncover very hard-to-find bugs found in complex code.
This feature helps to find errors in operating systems, for example, where many of its code paths are difficult and time-consuming to exercise in the testing phase.
Coverity (www.coverity.com), makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, is a privately-held company based in San Francisco.
www.linuxgazette.com /node/10901   (812 words)

Try your search on: Qwika (all wikis)

Factbites
  About us   |   Why use us?   |   Reviews   |   Press   |   Contact us  
Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.