Reviews

  • Matt Might. What is static program analysis?

    15.10.2012
    The author explains the static program analysis methodology at the fundamental level through the halting problem. From this viewpoint, static analysis is an attempt to predict program behavior and therefore to solve the halting problem for particular cases. The author uses the example of determining register signs in a sample program written in a simple machine language to show how static analysis accomplishes this task. At the end of the article, a set of exercises invites readers to improve the author's algorithm further and thus gain a better understanding of its principles.
  • Flash Sheridan. Deploying Static Analysis

    07.08.2012
    Static analysis is a valuable methodology for fixing bugs, but, as the article's author claims, it poses significant challenges to developers. These challenges relate more to psychological and social aspects of human behavior than to technical issues: programmers in a company that is about to adopt static analysis will tend to resist the changes brought by the new practice and the discipline that use of a static analysis tool implies. Flash Sheridan describes methods to avoid these issues or reduce their impact (such as allowing external specialists to carry out administration and configuration of integrating static analysis; getting developers focused on quality instead of providing stable metrics and smooth running of the tool; etc.), ways to make use of a tool more effective (prioritizing defects and ignoring obsolete code fragments), and also gives tips on some technical aspects of handling a static analyzer (symbol highlighting, defect tracking systems).
  • Christian Holler. Trying new code analysis techniques

    27.01.2012
    In this short post, the author describes his experience of using two static analysis tools, each of which provides its own technique: Address Sanitizer (ASan) and Clang Static Analyzer.
  • Jim Bird. Static Analysis isn't Development Testing

    06.01.2012
    The post focuses on the false idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis, bringing out the purpose of the latter and its role in development. He agrees that static analyzers are necessary tools, but they are intended for detecting a "narrow band of code-related defects".
  • John Carmack. Static Code Analysis

    24.12.2011
    In his article, John Carmack explains why static code analysis is especially crucial to large projects that are intended to be shipped to the public and shares his experience of using various static analyzers such as Coverity, Microsoft /analyze, PVS-Studio and PC-Lint. He discusses the strong and weak points of each tool and gives developers some recommendations about which tool to choose.
  • Frank Kim. Seven Tips for Picking a Static Analysis Tool

    13.12.2011
    This short post gives some tips on how to choose a static analysis tool for your projects. Following these tips will help you get the most out of your choice.
  • Development Testing with Static Analysis

    07.11.2011
    The post refers us to an article by Coverity describing the benefits of static analysis and mentioning three analysis techniques it can provide: dataflow analysis, interprocedural analysis and false-path pruning. Each of these techniques is illustrated by a code sample.
  • Arthur Hicken. What is Static Analysis... and What is it Good For?

    05.10.2011
    Static analysis includes many techniques, each of which helps developers find various bugs and issues at different stages of the development process. In his article, Arthur Hicken describes these techniques (peer code review, pattern-based analysis, flow analysis, metrics, compiler/build output) and the types of problems they are meant to solve.
  • Pierre Morel-Fourrier. C++ code analysis in Visual Studio 2012

    11.09.2011
    The article concerns the C++ code analyzer integrated into the Visual Studio 2012 development environment. The author discusses the improvements introduced in the new version of the application and provides several code samples to show how it works and to demonstrate various features of the analyzer. The text is complemented with screenshots explaining how to use the analyzer.
  • S.G. Ganesh. Joy of Programming: The Technology Behind Static Analysis Tools

    01.09.2011
    The article deals with the technology of static analysis. It explains the main principle by which static analysis tools operate and describes the different techniques that make up static analysis. Among them are bug pattern matching, data-flow analysis, abstract interpretation, model checking and program querying. The author also mentions tools specializing in each of these techniques. The information given in the article can help students who are trying to build their own tools.