The static code analysis method is the method of searching for places in program text that are highly probable to contain errors. Programmers use special tools called static code analyzers for this purpose. Having got a list of suspicious code lines, a programmer reviews the corresponding code and fixes errors detected.
Static code analysis is used most often for controlling the quality of a project being developed. But static code analysis can be also used to solve some more peculiar tasks. I would like to describe some of these in this post.
Static analysis may be used for educational purposes. When estimating a student's work, a teacher usually reviews the code he has written and performs test launches of the program. Since there are a lot of students and only one teacher, he may additionally increase his attention by using a static code analyzer. Static analysis makes it more probable not to miss an issue a student must work on.
Another way of using a static analyzer for educational purposes is to check code written by novice programmers. This will help to find and explain errors in their code quicker. Moreover, the capability of analyzing indents, variable naming and so on, will help a person to quicker get used to writing code in the coding style accepted in the company.
Porting Software to a Different System
It is very difficult to write portable software especially if you did not intend to port your applications at first. That is why port of a program to some other operating system or hardware platform is always rather painful. You can hardly know all the specific issues awaiting your program on a different platform beforehand and you certainly cannot know how to find all the dangerous fragments in your code. Specialized code analyzers may help you by pointing to all the potentially unsafe fragments. They will tell you where you should not change types' sizes, data alignment rules, byte order or use deprecated functions and so on.
Searching for Backdoors
Static analysis may be used both for good and for bad purposes. Since code analysis helps developers to detect buffer overflows, stack overflows and other similar defects, an intruder can also do such things. By studying weak points of software, a hacker can choose an object for attack faster. That is, he does not need to review a huge amount of code - a static analyzer will do a part of the work for him. It will tell him where the code is especially vulnerable so that the hacker may go on to the next stage of his work, i.e., estimating if he can use the code defects found for his purposes and how.
Hackers often cannot get access to the source code of applications. But there are static analyzers that handle the executable binary code directly.
Of course, we can turn search of holes into a useful thing. For instance, many companies reward people who detect vulnerabilities in software. It is much easier to look for such vulnerabilities using static analyzers.
Using Third-party Source Codes
Programmers often use various open-source codes. In other words, they use open-source free libraries or their fragments. You may usually solve one task using different third-party solutions. Here the question arises, how to choose among them. Using static analysis in this sphere may appear an interesting method - the fewer errors are found, the more probable it is that this code is quality and safe.
If your team receives a third-party project for maintenance and development, static analysis will help you to detect the most dangerous fragments in the project and therefore you will be able to determine which parts of the system need maximum attention.
Proving the Necessity of Code Refactoring
Programmers often understand that a project becomes too complicated and starts to fall apart. They conclude that they need to perform code refactoring, otherwise most time will be consumed by maintenance and creating crutches to prevent code from complete breakdown. But programmers always have urgent tasks and it is not so easy for me to prove why it is more important to rewrite one of the old dialogues instead of creating a new one. A static analyzer may serve one of the arguments for you to listen to my advice by constantly screaming about too large functions, multiple use of global variables, too complicated class hierarchy and therefore unsafe functions and other horrors.
Of course, I have mentioned only some things I have managed to recall. There are a lot of other tasks static code analysis will help you to solve. Write to us if you have had interesting non-standard ways of using the static analysis methodology in your practice.
- 27th December, 2010: Initial post