Static program analysis

Static code analysis, or static analysis for short, is a static software testing technique that is performed at compile time rather than at run time. The source code is subjected to a series of formal checks in which certain classes of defects can be detected before the corresponding software is ever executed (for example, before unit testing). The method belongs to the falsifying techniques, i.e. it establishes the presence of errors, not their absence.

After the classic program Lint, the process is also referred to as linting.

Methodological context

Classification

Within the software testing process, static code analysis belongs to the white-box test methods (the source code is required). The analysis can be carried out by manual inspection, but also automatically by a program. It is called static because the software under test is available to the examiner (or tool) as it is formulated and composed, in terms of its algorithms and data, without being executed.

Demarcation

Precursors of static analysis are the test methods of structured programming and the tools for detecting code patterns, known as style checkers.

Dynamic code analysis, in contrast to static analysis, requires a running program. A dynamic counterpart to static code analysis at compile time is, for example, profiling at run time.

Method

In addition to conscientious study of the source code by developers, tool support makes it possible to detect many editorial and programming errors automatically. The spectrum ranges from enforcing simple coding standards (e.g. one return statement per function), through checking type conversions and array bounds, to searching for specific kinds of memory leaks and the formal verification of the source code.

Simple analyses are often already integrated into the compiler of a programming language, such as the check that a variable is initialized before it is used. There are also methods that check programming style for aesthetics and pragmatics, namely the stylistic methods. Often, however, these only produce warning messages, which can be ignored. So-called profilers generate additional object code (instrumentation) that produces statements about code coverage and how often code is executed; this is a run-time, and therefore dynamic, technique. Genuine static analyzers are few.

Automated code review software simplifies the task of reviewing large parts of a program through systematic checks for vulnerable spots such as:

  • Race Conditions
  • Format string attacks
  • Buffer overflows
  • Memory leaks

Because of the still significant number of false positives, i.e. merely alleged weaknesses reported in the source code, fully automatic correction based on static code analysis tools is to this day not common practice.
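To make the previous paragraphs concrete, here is a deliberately small Lint-style analyzer written for this article. It is an added example, not code from Lint, RATS, Splint or any other tool named on this page, and it does not reproduce their rule sets. It scans C source text without compiling or running it and reports three of the defect classes listed above (dangerous calls, unbounded copies that can overflow a buffer, and non-literal format strings). It also shows where false positives come from: a pure pattern match would flag every `strcpy`, so the analyzer tracks `char name[N]` declarations it has seen and suppresses the report when a string-literal source provably fits the declared destination. The C snippet being analyzed is constructed for the example; the function and rule names are the example's own.

```python
"""Minimal Lint-style static analyzer for C source (illustrative only).

Hypothetical tool written for this article: scans C source text, without
compiling or executing it, for dangerous calls, unbounded copies and
format string defects, and uses declared buffer sizes to avoid some
false positives. It is not the logic of Lint, RATS, Splint or cppcheck.
"""
import re
from dataclasses import dataclass

# Calls that are unsafe regardless of their arguments (no bound at all).
ALWAYS_UNSAFE = {"gets": "reads unbounded input into a fixed buffer"}
# Copy functions whose destination overflows when the source is longer than it.
UNBOUNDED_COPY = {"strcpy", "strcat"}
# printf-family functions and the index of their format argument.
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

DECL_RE = re.compile(r"\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]")      # char name[32];
CALL_RE = re.compile(r"\b(\w+)\s*\(([^;]*)\)\s*;")              # func(args);
STRING_LITERAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')


@dataclass
class Finding:
    line: int
    severity: str   # "high" or "medium"
    rule: str
    message: str


def split_args(argtext):
    """Split a C argument list on top-level commas, ignoring commas inside strings or parentheses."""
    args, depth, cur, in_str, i = [], 0, "", False, 0
    while i < len(argtext):
        ch = argtext[i]
        if in_str:
            cur += ch
            if ch == "\\" and i + 1 < len(argtext):
                cur += argtext[i + 1]
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str, cur = True, cur + ch
        elif ch in "([":
            depth, cur = depth + 1, cur + ch
        elif ch in ")]":
            depth, cur = depth - 1, cur + ch
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    if cur.strip():
        args.append(cur.strip())
    return args


def literal_length(arg):
    """Length of a C string literal (each backslash escape counted as one char), or None if not a literal."""
    m = STRING_LITERAL_RE.match(arg)
    if not m:
        return None
    return len(re.sub(r"\\.", "x", m.group(1)))


def analyze(source):
    """Return the list of Findings for a C source text, in source order."""
    findings = []
    buffers = {}   # declared array name -> size, gathered as the source is read
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]          # drop line comments
        for m in DECL_RE.finditer(code):
            buffers[m.group(1)] = int(m.group(2))
        for m in CALL_RE.finditer(code):
            func, args = m.group(1), split_args(m.group(2))
            if func in ALWAYS_UNSAFE:
                findings.append(Finding(lineno, "high", "dangerous-call", f"{func}() {ALWAYS_UNSAFE[func]}"))
            if func in UNBOUNDED_COPY and len(args) == 2:
                dst, src = args
                src_len, size = literal_length(src), buffers.get(dst)
                # Suppress only when the source is a literal, the destination size is
                # known, and the copy (plus NUL terminator) provably fits. strcat is
                # never suppressed: the existing contents of dst are unknown.
                fits = func == "strcpy" and src_len is not None and size is not None and src_len + 1 <= size
                if not fits:
                    findings.append(Finding(lineno, "medium", "unbounded-copy", f"{func}() into {dst} without a length bound"))
            if func == "sprintf":
                findings.append(Finding(lineno, "medium", "unbounded-copy", "sprintf() has no length bound; prefer snprintf()"))
            idx = FORMAT_FUNCS.get(func)
            if idx is not None and len(args) > idx and literal_length(args[idx]) is None:
                findings.append(Finding(lineno, "high", "format-string", f"{func}() format argument '{args[idx]}' is not a string literal"))
    return findings


# Constructed sample input for the example (deliberately defective C code).
SAMPLE_C = r'''#include <stdio.h>
#include <string.h>
void greet(const char *user) {
    char name[32];
    char banner[64];
    gets(name);                    // dangerous call
    strcpy(name, user);            // source length unknown: possible overflow
    strcpy(banner, "Hello");       // literal fits the declared buffer: no report
    printf(user);                  // user-controlled format string
    printf("%s\n", user);          // literal format: fine
    sprintf(banner, "%s", user);   // no length bound on banner
}'''

if __name__ == "__main__":
    for f in analyze(SAMPLE_C):
        print(f"line {f.line}: [{f.severity}] {f.rule}: {f.message}")
```

Run stand-alone, the block reports lines 6, 7, 9 and 11 of the sample and stays silent on line 8, which is the false positive the size tracking removes. Everything else a pattern matcher cannot see (the actual length of `user`, the contents of `banner` before a `strcat`) is exactly where such tools either over-report or stay quiet, which is why the paragraph above notes that fully automatic correction is not common practice.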

Tools

Classics in this field, besides Lint, include Checkstyle, FindBugs and PMD for Java, cppcheck and Splint for C, and FxCop and StyleCop for C#.

Such tools can be run not only stand-alone but also integrated into the development environment or the build server. They are not limited to coding rules such as the MISRA C rules, but also detect functional and technical errors, potential bugs, and qualitative weaknesses in the code (so-called bad smells), such as duplicated code (also called software clones).

Some tools check code for security-relevant programming errors such as buffer overflows or race conditions, for example the Rough Auditing Tool for Security (RATS).

In addition, there are tools that also check architecture metrics and the conformity of the code with the architecture specification. These include, for example, Sonargraph and Sotograph.
