Static code analysis

1/21/2016 1

• What Is Static Code Analysis?
• Why Is Static Code Analysis Useful?
• Seven axes of code quality
• Effects of Fixing Code Quality
• Static code analysis tools
  ◦ SonarQube
  ◦ Coverity

• Static code analysis is a method of computer program debugging that is done by examining the code without executing the program.

From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May 1996:

• “Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.”

• Monitoring and fixing code quality issues is proven to raise the quality of your application AND your ability to deliver that application to stakeholders on time.

What is SonarQube
• Code quality
• Features
• Benefits
• Strength of the platform

• Platform to manage code quality.
• Open source; possible to pay for support and some plug-ins.
• Active community support, plug-ins, books.

• Platform independent: runs on Windows, Mac OS X, Linux, Solaris.
• Server is fairly lightweight.
• Plug-in architecture:
  ◦ Vibrant community extending Sonar functionalities.
  ◦ Plug-ins for nearly every language you can expect.
  ◦ Plug-ins providing additional metrics, including total quality, technical debt and more.

• Total cost of ownership
• Functional coverage
• Continuous inspection
• Actionable reporting
• Interaction
• Strong community
• Language coverage
• Extensibility

• The user runs the client to analyze source.
• The analyzer sends data on the source files to the database.
• The web server provides presentation of violation data, administration of users and analyses, and configuration of plug-ins, features and functionalities.

• Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors.

• Concurrency defects
• Performance degradation
• Crash-causing errors
• Incorrect program behavior
• Security vulnerabilities

• API usage errors
• Code maintainability issues
• Concurrent data access violations
• Control flow issues
• Error handling issues
• Incorrect expression
• Integer handling issues
• Memory corruptions
• Memory illegal accesses
• Null pointer dereferences
• Program hangs
• Resource leaks
• Security best practices violations
• Uninitialized variables
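To make the definition of static analysis concrete, here is a tiny checker written for this page (it is not part of Coverity or SonarQube) that inspects Python source with the standard `ast` module and flags two of the defect classes listed above, resource leaks (a file opened and never closed) and uninitialized variables (a name read before it is assigned), without ever running the program. The sample program is constructed for the demonstration, and the checks are deliberately flow-insensitive and function-local, so they illustrate the idea rather than a production analyzer.

```python
import ast, builtins
# Constructed sample program: it is only parsed and inspected, never executed.
SAMPLE = '''
def copy_header(path):
    f = open(path)
    return f.readline()      # f is never closed: resource leak

def count_lines(path):
    with open(path) as fh:   # context manager releases fh: no leak reported
        for line in fh:
            n = n + 1        # n is read before it is ever assigned
    return n
'''

NESTED = ("body", "orelse", "finalbody")   # fields that hold nested statement blocks

def names(stmt, ctx):
    """Names used with context `ctx` in a statement's own header, not in nested blocks."""
    return [n.id for field, value in ast.iter_fields(stmt) if field not in NESTED
            for node in (value if isinstance(value, list) else [value])
            for n in (ast.walk(node) if isinstance(node, ast.AST) else [])
            if isinstance(n, ast.Name) and isinstance(n.ctx, ctx)]

def statements(body):
    """Yield statements in source order, descending into compound blocks."""
    for stmt in body:
        yield stmt
        for field in NESTED:
            yield from statements(getattr(stmt, field, []))

def analyze(source):
    """Return (rule, variable, line) findings for every function in `source`."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        assigned = {a.arg for a in func.args.args}   # parameters start out initialised
        opened = {}                                   # variable -> line of its open() call
        for stmt in statements(func.body):
            for name in names(stmt, ast.Load):        # reads are checked first ...
                if name not in assigned and not hasattr(builtins, name):
                    findings.append(("uninitialized variable", name, stmt.lineno))
            assigned.update(names(stmt, ast.Store))   # ... then this statement's writes count
            if isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Call) \
                    and getattr(stmt.value.func, "id", None) == "open":
                opened[ast.unparse(stmt.targets[0])] = stmt.lineno
        closed = {ast.unparse(n.func.value) for n in ast.walk(func)
                  if isinstance(n, ast.Call) and getattr(n.func, "attr", None) == "close"}
        findings += [("resource leak", v, ln) for v, ln in opened.items() if v not in closed]
    return findings
```

Calling `analyze(SAMPLE)` reports the leaked `f` on line 3 and the uninitialized `n` on line 9, while the `with` block in `count_lines` produces no leak finding.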
• Best of breed analysis
• Integration with the developer workflow
• Defect management and impact management
• Performance and scale
• Extensible platform

Supported Platforms
• AIX
• FreeBSD
• HP-UX
• Linux
• Mac OS X
• NetBSD
• Solaris
• Windows

Supported Compilers
• ARM
• Cosmic C Cross Compilers
• Freescale CodeWarrior
• GNU GCC, G++
• Intel C++
• Keil
• QNX
• Renesas
• Sun (Oracle) CC and cc
• Texas Instruments
• Visual Studio
• WindRiver
• Xcode GCC and G++

Supported IDEs
• Eclipse v3.5, v3.6, v3.7
• WindRiver Workbench v3.2, v3.3
• Visual Studio versions 2005, 2008, and 2010

Minimum System Requirements
• 1 GHz CPU
• 1 GB of RAM minimum, 2 GB recommended
• 1 GB of free hard disk space

• Proven significant operational cost reduction.
• Metric visibility of the code estate, onshore and offshore.
• Proven history of finding crash-causing or unexpected-behavior-causing defects.
• Process improvement of Application Lifecycle Management.

THANK YOU!!
