Static code analysis
Static code analysis is a methodology for detecting errors in program code in which the programmer studies the code fragments marked by a static analyzer. The marked fragments are the ones most likely to contain errors of some particular kind.
In other words, a static analysis tool detects those places in the program text that are error-prone or badly formatted. These code fragments are left for the programmer to study and decide whether they must be modified.
Static analyzers may be general-purpose (for example, Cppcheck, Microsoft PREFast, Gimpel Software PC-lint, Parasoft C++test) or special-purpose, searching for particular error classes (for example, Chord, which verifies concurrent Java programs). Static analysis tools are usually rather expensive and require that you know how to use them. They often provide flexible yet complicated subsystems for settings and false alarm suppression. Because of this, static analyzers are used, as a rule, in companies with mature software development processes. In exchange for being complicated to use, static code analyzers allow programmers to detect a lot of errors at the early stages of program code development. The practice of using static analysis also disciplines programmers and helps managers control young employees.
The main advantage of static code analyzers is the opportunity to greatly reduce the cost of eliminating defects in a program. The earlier an error is detected, the less expensive it is to correct. Thus, according to the book “Code Complete” by McConnell, correcting an error at the stage of testing the code is five times more expensive than at the stage of designing the code (coding):
Figure 7 – Average costs of correcting defects depending upon the time of their appearance in the code and their detection (the data presented in the table are taken from the book ‘Code Complete’ by S. McConnell)
Static analysis tools reduce the cost of development of the whole project by detecting many errors at the stage of designing the code.
Static analysis for detecting 64-bit errors
Let us point out the advantages of static code analysis that make this method the most appropriate to detect errors in 64-bit code:
- You can check the WHOLE code. Analyzers can even test those code fragments that are executed very seldom. In other words, static analyzers provide nearly full coverage of the code. This allows you to make sure that the whole code has been checked before you port it to a 64-bit system.
- Scalability. Static analysis allows you to analyze both a small and a large project with equal simplicity. The labor required grows in direct proportion to the project size. You can easily distribute the analysis among several developers: just divide the project’s parts among the programmers.
- Even a developer who is only beginning to work on a project will not fail to notice possible issues, even without knowing all the peculiarities of 64-bit code. The analyzer will point at the dangerous places, and the Help system will tell you everything you should know about each issue.
- Costs are reduced due to early diagnosis of errors.
- You may efficiently use static analysis tools both when porting code to a 64-bit system and when developing new 64-bit code.
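As an added illustration (not code from the original lesson or from PVS-Studio), the C sketch below shows the kind of 64-bit defect meant above: a size calculation left in 32-bit arithmetic that passes ordinary tests and fails only on the seldom-taken path where the data reaches 4 GiB, next to a ported form. The function names are hypothetical, and a 64-bit data model (32-bit unsigned, 64-bit size_t) is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: LP64 or LLP64 data model (32-bit unsigned, 64-bit size_t). */
_Static_assert(sizeof(unsigned) == 4 && sizeof(size_t) == 8,
               "64-bit target expected");

/* Pre-port pattern: the byte count is computed in 32-bit arithmetic.
 * Correct for every input a normal test suite feeds it, wrong from 4 GiB up,
 * so dynamic testing rarely reaches the failing case. */
static size_t table_bytes_legacy(size_t rows, size_t row_size)
{
    unsigned n = (unsigned)rows;              /* high 32 bits of rows dropped */
    unsigned total = n * (unsigned)row_size;  /* product wraps modulo 2^32 */
    return total;
}

/* Ported form: size_t arithmetic with the multiplication checked.
 * Returns 0 and stores the size, or -1 if the product does not fit. */
static int table_bytes_checked(size_t rows, size_t row_size, size_t *out)
{
    if (row_size != 0 && rows > SIZE_MAX / row_size)
        return -1;
    *out = rows * row_size;
    return 0;
}

int main(void)
{
    size_t big_rows = (size_t)1 << 28;  /* constructed input: 2^28 rows x 16 bytes = 4 GiB */
    size_t small = 0, big = 0;

    table_bytes_checked(1000, 16, &small);
    table_bytes_checked(big_rows, 16, &big);

    /* Both versions agree on the small case; only the large one diverges. */
    printf("small: legacy=%zu checked=%zu\n", table_bytes_legacy(1000, 16), small);
    printf("4 GiB: legacy=%zu checked=%zu\n", table_bytes_legacy(big_rows, 16), big);
    return 0;
}
```

A buffer allocated from the legacy result would be undersized for the data written into it, which is why such size and index calculations deserve review on every path, not only the ones tests exercise.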
PVS-Studio is a static code analyzer for checking contemporary resource-intensive applications. Also, PVS-Studio is a leader in detection of 64-bit errors.
The PVS-Studio analyzer is designed for the Windows platform. However, at the time of writing this text, the PVS-Studio team is working on the Linux version of the analyzer, so there is a high probability that there is already Linux support (see the web site for more details).
PVS-Studio integrates into the Microsoft Visual Studio 8 development environment (see Figure 8). PVS-Studio’s interface allows you to filter diagnostic warnings using various techniques and also to save and load warning lists.
Figure 8 – PVS-Studio integrating into Microsoft Visual Studio
The analyzer’s system requirements coincide with those of Microsoft Visual Studio:
- 64-bit operating system: Windows 10/Windows 8/Windows 7/Vista.
- Development environment: Microsoft Visual Studio 2010/2012/2013/2015. Note that PVS-Studio cannot work with Visual C++ Express because this system does not support add-in modules.
- Hardware: PVS-Studio can work on systems that have at least 2 Gbytes of memory (4 Gbytes or more is recommended); the analyzer can use several cores (the more cores, the faster the code analysis).
All the errors that can be diagnosed are thoroughly described in the Help system that becomes available after you install PVS-Studio. PVS-Studio documentation is available on our website.