Static code analysis is the process of detecting errors and defects in a software’s source code. Static analysis can be viewed as an automated code review process. Let’s speak about the code review now.
static code analysis
Grounded Pointers
Once one of our colleagues left the team and joined one company developing software for embedded systems. There is nothing extraordinary about it: in every firm people come and go, all the time. Their choice is determined by bonuses offered, the convenience aspect, and personal preferences. What we find interesting is quite another thing. Our ex-colleague is sincerely worried about the quality of the code he deals with in his new job. And that has resulted in us writing a joint article. You see, once you have figured out what static analysis is all about, you just don’t feel like settling for “simply programming”.
Let’s Play a Game
The authors of the PVS-Studio analyzer invite you to test your attentiveness.
Code analyzers never get tired and can find errors a human’s eye cannot easily notice. We have picked a few code fragments with errors revealed by PVS-Studio, all the fragments taken from well-known open-source projects.
Review of contemporary C/C++ static code analyzers
In this article, I’ll try to assess the current situation concerning static analysis of C/C++ code. This study has a slightly philosophical character and in no way claims to be absolutely complete and objective. There also won’t be any discussions of which analyzer is better. Such comparisons are usually a pointless action: there will always be people who disagree with the chosen methodology or suspect the researcher in being biased. To do the research, I’ll try to take the list of popular contemporary analyzers of C/C++ code (for example, from Wikipedia) and understand, which tools don’t already fit there and if there is a need to add something there.
PVS-Studio 6.16 released
PVS-Studio is a static code analyzer that detects errors and potential vulnerabilities in the source code of programs written in C/C++/C#. Version 6.16 has obtained 11 new general analysis diagnostics.
Videos about static code analysis
IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there is still a number of interesting discussions to be found here to help programmers understand the methods, ways of use, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.
What is Static Analysis?
Author: Matt Might
Static analyzers allow programmers to bound and predict the behavior of software without running it. Once used exclusively for program optimization, they have rapidly risen in prominence for areas like software security and automatic parallelization. The author takes you on a tour of the landscape of static analysis through the lens of abstract interpretation.
Flaws in Microsoft Code Contracts
We have successfully created and continue developing PVS-Studio analyzer for C/C++ languages. Over the time, it became clear that many of the diagnostics that we have implemented are not related to a specific programming language, so we decided to apply our experience to another programming language, namely C#. In this article, we are talking about the analysis of Code Contracts project by Microsoft done by our C# analyzer.
