SWT-02: Static Code Analysis

Static code analysis is commonly understood to mean an automatic check performed by a tool. This is only a recent development: just 10 years ago these tools were not as good as they are today, nor were they available in such variety. Static code analysis is simply part of what used to be called a static white-box test, that is, a test performed on the source code without executing it, hence "static". The expression "white-box" denotes a test concerned with the implementation of the code, i.e. its structure and details, calculations and data operations. The focus is not on the overall functionality of the software but on the details, quality and safety of its programming. Part of the test can be done automatically using analysis tools such as Lint or the Safer-C toolset. But this should not be all: it has to be followed by a manual code inspection, i.e. an inspection or review of the source code by specialists according to defined rules. The output of the test is a proper test report, together with inputs to a defect data collection for statistical and process improvement purposes.

There are approximately 700 possible static problems or faults in C programming. For example, a line of code such as the following may be regarded as a possible problem:

if (a = b)

It is perfectly valid C. It assigns the content of b to the variable a and then evaluates the content of a to see whether it is other than zero; if it is, the if condition is fulfilled. However, what the programmer probably meant was:

if (a == b)

A good automatic checker would flag this line because it is unclean programming. A good programmer who really intends the assignment would write:

a = b;
if (a)

This makes the line clearer, and a code checker would not stumble over it. Of course there are many other possible static faults, such as operator precedence or order-of-evaluation problems. Modern code checkers can find the most important of these faults. In total, approximately 350 to 400 fault conditions can be detected by current state-of-the-art static code analysis tools.
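
To make the idea of checking source text without executing it concrete, here is a small added example (not from the original article, and not how Lint or the Safer-C toolset work internally) that applies this single rule to C source: it reports any if or while condition containing an assignment. The function names and the sample C source are constructed for illustration.

```python
import re

# Constructed sample C source for the demonstration (not from the original page).
SAMPLE = """\
int f(int a, int b, const char *s) {
    if (a = b) return 1;            /* assignment used as condition */
    if (a == b) return 2;           /* comparison */
    a = b;
    if (a) return 3;                /* explicit two-step form */
    if (a <= b || a != 0) return 4; /* relational operators */
    while ((a = g(b)) > 0) b++;     /* assignment nested in parentheses */
    if (s[0] == '=') return 5;      /* '=' inside a character literal */
    return 0;
}
"""

KEYWORD = re.compile(r'\b(if|while)\s*\(')
# A '=' that is not part of ==, !=, <=, >= (but <<= and >>= still count).
ASSIGN = re.compile(r'(?<![=!<>])=(?!=)|(?:<<|>>)=')
# Comments and string/character literals, which must not be scanned.
SKIP = re.compile(r'/\*.*?\*/|"(\\.|[^"\\])*"|\'(\\.|[^\'\\])*\'', re.S)

def condition_text(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == '(':
            depth += 1
        elif src[i] == ')':
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: scan the remainder

def find_assignments_in_conditions(src):
    """Return (line, keyword, condition) for each condition containing '='."""
    # Blank out skipped spans but keep newlines, so line numbers stay valid.
    clean = SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)
    findings = []
    for m in KEYWORD.finditer(clean):
        cond = condition_text(clean, m.end() - 1)
        if ASSIGN.search(cond):
            line = clean.count('\n', 0, m.start()) + 1
            findings.append((line, m.group(1), cond.strip()))
    return findings

if __name__ == '__main__':
    for line, kw, cond in find_assignments_in_conditions(SAMPLE):
        print(f'line {line}: assignment inside {kw} condition: ({cond})')
```

A real analysis tool works on the parsed program rather than on regular expressions, which is why it can also judge precedence and order-of-evaluation faults that this text-level rule cannot see.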

From "ITPUB Blog", link: http://blog.itpub.net/11379785/viewspace-675908/. Please credit the source when reposting; otherwise legal liability will be pursued.
