Computer/Software/Programming/Tools/Static source code analyzers
White Paper: Killing bugs before they kill your software organization

Stomping problems at the source

Increasing effectiveness with fewer resources

Even if a software development team is fully implementing code reviews, debugging, dynamic analysis, and testing it can greatly enhance software problem identification and eradication efforts by automatically identifying problems at their source-in the code prior to compiling or execution. This can be done with a static source code analyzer. Not only is static source code analysis 400% more effective than dynamic testing, it helps speed development, save costs, reduce resources and risks associated with other problem eradication efforts, and increases product quality by automatically performing functions that can otherwise take hundreds of programming hours, like the following:

  • Check source files for errors
  • Identify and correct coding problems
  • Isolate obscure problems
  • Map out unfamiliar programs
  • Enforce programming standards
  • Compute customized quantitative indicators of code size, complexity, and density
  • Generate detailed reports on the condition and structure of the code
  • Document the code review process

In short, static source code analysis reduces resources required for other problem eradication tactics and tools by helping the programmer eliminate hundreds of problems at their source.

Caption: In "Software Metrics: Establishing a Company-Wide Program" (Prentice-Hall) Grady and Caswell showed that "static testing is four times more effective than dynamic testing".
> See the chart close up.

Brushing out problems

Also known as lint tools, static source code analyzers can help programmers to more easily identify and correct problems that often pass through a compiler, like:

  • Syntax errors
  • Inconsistencies in common block declarations
  • Redundancies
  • Unused functions, subroutines, and variables
  • Inappropriate arguments passed to functions
  • Non-portable usage
  • Noncompliance with codified style standards
  • Type usage conflicts across different subprograms/program units
  • Variables that are referenced but not set
  • Maintenance problems

Team linting

A static source code analyzer is not limited to only enhancing a programmer's ability to identify and eradicate problems in code; it can also offer process and performance enhancements throughout the software development team. A team leader can use a static source code analyzer to identify problems in groups and modules, while QA managers can use it to verify the integrity of an entire package. Project managers can use a static source code analyzer to help establish and enforce coding standards, and to establish quality control measures.

Long-term protection

In addition to the immediate returns possible by automating the process of identifying problems at the coding stage of software development, an organization can derive significant long-term benefits from static source code analysis.

A software product must be maintained by an organization throughout its entire lifecycle, while employees can come and go. When a problem is identified and the coder is on another project or no longer with the company - or simply separated by time from the original coding process - the organization typically must relearn what was originally done, or even duplicate the original coding step to correct the problem.

By automating the analysis and documentation of the code, the organization will always have a record of what was done and will be able to more easily identify problems without duplicating previous efforts. The messages produced by a static analyzer can also help prevent code drift by identifying questionable coding practices.

In short, automated static source code analysis significantly reduces potential expenses from repetitive processes.

< Steps toward risk reduction | Historical lint >