Reviews

  • The Coverity Team. A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World

    01.01.2010
    In this article, the Coverity developers share their experience of developing and commercializing their own static analyzer as well as conclusions and lessons they draw from this experience. The authors formulate what they have called "laws of bug finding" and discuss various specifics of implementing a good static analysis tool.
  • Static code analysis (Wikipedia)

    03.09.2009
    A wiki resource devoted to static code analysis. It describes the essence of this technology and provides many links to other materials on static analysis tools and related domains.
  • C++ Static Analysis

    02.09.2009
    This short post describes some C++ static analysis tools that can help developers to find some specific errors related to code duplication, cyclomatic complexity as well as general programming errors. The author also gives some tips on how to integrate static analysis tools into the development process and find newly introduced errors as soon as possible.
  • Scott Meyers, Martin Klaus. A First Look at C++ Program Analyzers

    27.08.2009
    This article will be of interest to anyone involved in C++ programming, as it describes the authors' effort to investigate the most popular C++ code analyzers on the basis of special rules and sample error patterns to be analyzed by the tools. The description of the test base and the results are thoroughly commented and presented in various tables and code samples.
  • Raoul Jetley, Paul Anderson. Using static analysis to evaluate software in medical devices

    21.08.2009
    This is one more article devoted to using static analysis to test medical devices' software. The authors explain how static analysis may be helpful in post-market testing and maintenance of medical devices and study the results of tests performed by the tool CodeSonar as an example.
  • Jack Ganssle. The value proposition - unfulfilled

    06.08.2009
    In this article, written with much irony, Jack Ganssle touches upon the topic of inefficient tools provided by dishonest vendors. He explains the complicated situation in the field of software development and describes the stereotypes of thinking and behavior common among developers, company bosses and vendors that lead to a vicious cycle in which customers' needs are left unsatisfied despite a great many ads and promises.
  • Sergei Sokolov. Bulletproofing C++ Code

    14.06.2009
    The author of the article focuses on improving the process of C++ code development. He describes the main things to be considered while analyzing, debugging and enhancing the code. These include using static analysis tools, creating a suite of unit and regression tests and so on. The article is divided into four sections devoted to various techniques and contains code samples.
  • Philip J. Guo, Dawson Engler. Linux Kernel Developer Responses to Static Analysis Bug Reports

    23.05.2009
    This article presents a study of how Linux kernel developers respond to bug reports generated by a static analyzer. The authors find that most developers prefer to sort bug reports into several categories, and show what factors affect decisions about triaging certain types of errors or, on the contrary, what makes developers refrain from triaging and reviewing the corresponding code fragments. The authors' conclusions are supported by plenty of graphs and tables.
  • Roel Wuyts. C++ analysis tools

    29.03.2009
    The author of this note provides a list of tools for C++ analysis, covering various commercial and open-source tools. For each item there is a brief description and a link to the related site.
  • Walter W. Schilling, Jr., Mansoor Alam. Integrate static analysis into a software development process

    19.02.2009
    Nowadays, when system reliability depends upon software rather than hardware, it is very important to improve the quality of embedded software. Static analysis is a perfect technique for this purpose. The article discusses the classification of static analysis tools and describes some of the most popular tools used for various purposes (general-purpose, Java-oriented and security control tools). Another section of the article is devoted to the issues of integrating static analysis into the software development process and explains each step of this procedure. The text contains illustrative diagrams and code samples.