-
15.10.2012
The author explains the methodology of static program analysis at a fundamental level through the halting problem. From this viewpoint, static analysis is an attempt to predict program behavior and therefore to solve the halting problem for particular cases. The author uses an example of determining register signs in a sample program written in a simple machine language to show how static analysis fulfills this task. At the end of the article, there is a set of exercises that invite readers to improve the author's algorithm further and thus acquire a better understanding of its principles.
-
07.08.2012
Static analysis is a valuable methodology of bug fixing, but, as the article's author claims, it poses important challenges to developers. These challenges relate more to psychological and social aspects of human behavior than to technical issues. This means that programmers in a company that is going to use static analysis will tend to resist the changes caused by accepting the new practice and discipline that a static analysis tool implies. Flash Sheridan describes methods to avoid these issues or reduce their impact (such as allowing external specialists to carry out the administration and configuration involved in integrating static analysis; getting developers focused on quality instead of providing stable metrics and smooth running of the tool; etc.), ways to make usage of a tool more effective (prioritizing defects and ignoring obsolete code fragments), and also gives tips on some technical aspects of handling a static analyzer (symbol highlighting, defect tracking systems).
-
27.01.2012
In this short post, the author tells us about his experience of using two static analysis tools, each of which provides its own technique: Address Sanitizer (ASan) and Clang Static Analyzer.
-
06.01.2012
The post focuses on the false idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis, bringing out the point of the latter and its role in development. He agrees that static analyzers are necessary tools, but they are intended for detecting a "narrow band of code-related defects".
-
24.12.2011
In his article, John Carmack explains why static code analysis is especially crucial to large projects that are intended to be shipped to the public and shares his experience of using various static analyzers such as Coverity, Microsoft /analyze, PVS-Studio and PC-Lint. He discusses the strong and weak points of each tool and gives developers some recommendations about which tool to choose.
-
13.12.2011
This short post gives you some tips on how to choose a static analysis tool for your projects. Following these tips will help you make the best choice.
-
07.11.2011
The post refers us to an article by Coverity describing the benefits of static analysis and mentioning three analysis techniques it can provide: dataflow analysis, interprocedural analysis and false-path pruning. Each of these techniques is illustrated by a code sample.
-
05.10.2011
Static analysis includes many techniques, each of which helps developers to find various bugs and issues at different stages of the development process. In his article, Arthur Hicken describes these techniques (peer code review, pattern-based analysis, flow analysis, metrics, compiler/build output) and the types of problems they are meant to solve.
-
11.09.2011
The article concerns the C++ code analyzer integrated into the Visual Studio 2012 development environment. The author discusses the improvements introduced in the new version of the application and cites several code samples to show how it works and to demonstrate various features of the analyzer. The text is complemented with screenshots explaining how to handle the analyzer.
-
01.09.2011
The article deals with the technology of static analysis. It explains the main principle by which static analysis tools operate and describes the different techniques that make up static analysis, among them bug pattern matching, data-flow analysis, abstract interpretation, model checking and program querying. The author also mentions tools specializing in each of these techniques. The information given in the article can help students who are trying to make their own tools.