
Static code analysis

Static code analysis is a set of methods for analysing software source code or object code in order to understand what the software does and to establish certain correctness criteria.

Schematically, there are several types of static analysis (which may be used in combination, even inside the same programming tool):

  • tools such as lint essentially look for constructs that look dangerous from an informal point of view;
  • formal methods consider the mathematical definition of the behaviors of programs, known as their semantics;
  • some software metrics can also be seen as a form of static analysis.

    =Formal methods=

    Static analysis is a family of formal methods for automatically deriving information about the behavior of computer software (and also hardware). One possible application of static analysis is as an automated debugging aid, especially for finding run-time errors: roughly speaking, events causing program crashes.

    Briefly, program analysis — including finding possible run-time errors – is ).

    There exist two main families of formal static analysis:

  • model checking considers systems that have finite state or may be reduced to finite state by abstraction;
  • static analysis by abstract interpretation approximates the behavior of the system, either from above (considering more behaviors than can happen in reality), or from below.

    Interest in the development of static analysis tools, especially for use on safety-critical computer systems, was renewed after the high-profile disaster of Ariane 5 Flight 501, when a space rocket exploded shortly after launch due to a computer bug, surely one of the most expensive of such bugs in history.
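
    The following is an added example, not part of the original article: a small interval-based abstract interpreter that approximates a program "from above" to find possible division-by-zero run-time errors. The mini-language, the sample programs and all function names are constructed for illustration.

```python
# Added example: interval abstract interpretation of straight-line code.
# The mini-language and every name below are constructed for illustration.
from itertools import product
from math import inf, isinf

TOP = (-inf, inf)  # "any value": the coarsest approximation

def _mul(x, y):
    return 0 if 0 in (x, y) else x * y  # convention 0 * inf = 0 keeps bounds sound

def _div(a, b, alarms):
    if b[0] <= 0 <= b[1]:
        alarms.append(f"possible division by zero: divisor in [{b[0]}, {b[1]}]")
        return TOP
    if any(isinf(v) for v in a + b):
        return TOP
    q = [x / y for x, y in product(a, b)]  # monotone on a box that excludes 0
    return (min(q), max(q))

def evaluate(expr, env, alarms):
    """Return an interval (lo, hi) that contains every concrete value of expr."""
    if isinstance(expr, (int, float)):
        return (expr, expr)
    if isinstance(expr, str):
        return env[expr]
    op, left, right = expr
    a, b = evaluate(left, env, alarms), evaluate(right, env, alarms)
    if op == "+":
        return (a[0] + b[0], a[1] + b[1])
    if op == "-":
        return (a[0] - b[1], a[1] - b[0])
    if op == "*":
        c = [_mul(x, y) for x, y in product(a, b)]
        return (min(c), max(c))
    if op == "/":
        return _div(a, b, alarms)
    raise ValueError(f"unknown operator {op!r}")

def analyze(program, inputs):
    """Abstractly execute [(var, expr), ...]; return (final env, alarms)."""
    env, alarms = dict(inputs), []
    for var, expr in program:
        env[var] = evaluate(expr, env, alarms)
    return env, alarms

# x in [-5, 5]; y = x*x; z = 1/(y+1).  Concretely y+1 >= 1, so no crash is possible,
# but intervals forget that both factors are the same x: a false alarm "from above".
FALSE_ALARM = [("y", ("*", "x", "x")), ("z", ("/", 1, ("+", "y", 1)))]
# w = x + 10 lies in [5, 15]: no alarm, which proves 1/w never divides by zero.
PROVEN_SAFE = [("w", ("+", "x", 10)), ("z", ("/", 1, "w"))]
```

    Calling `analyze(FALSE_ALARM, {"x": (-5, 5)})` reports an alarm that no real execution can trigger, while `analyze(PROVEN_SAFE, {"x": (-5, 5)})` reports none, and an empty alarm list is a guarantee because every real behavior is covered by the approximation.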

    =See also=

  • DAEDALUS
  • Formal verification
  • Software analysis
  • Software testing
  • Source code scanner
  • Code beautifier
  • Crash-only software
  • Graceful degradation
  • List of tools for static code analysis

    =External links=

  • [http://yunus.hun.edu.tr/~sencer/research.html information of software management]
  • [http://citeseer.org/csq=static+and+code+and+analysis Citations from CiteSeer]
  • [http://www.astree.ens.fr/ ASTRÉE project], with explanations on static analysis by abstract interpretation
  • [http://www.dwheeler.com/flawfinder/ Flawfinder], contains a good list of other static checking tools towards the bottom
  • [http://research.microsoft.com/collaboration/university/europe/Events/Workshop/sec2002/DVD/Pincus2/Materials/Pincus_PREfix_PREfast_and_other_tools_and_technologies.ppt PREfix] from Microsoft Research team - not GA (General Availability) yet.
  • [http://www.cs.ucla.edu/~palsberg/typeflow.html Type Inference and Static Analysis for Object-Oriented Software] by Jens Palsberg
  • [http://www2004.org/proceedings/docs/1p40.pdf Securing Web Application Code by Static Analysis and Runtime Protection]