
Static code analysis

Date post: 19-Feb-2017
Upload: rushana-bandara
STATIC CODE ANALYSIS 01/23/2022 1
Transcript
Page 1: Static code analysis

05/01/2023 1

STATIC CODE ANALYSIS

Content:

• What Is Static Code Analysis?
• Why Is Static Code Analysis Useful?
• Seven axes of code quality
• Effects of Fixing Code Quality
• Static code analysis tools
  ◦ SonarQube
  ◦ Coverity

What Is Static Code Analysis?

Static code analysis is a method of debugging a computer program by examining the code without executing the program.

Why Is Static Code Analysis Useful?

“Even experienced programmers typically make a mistake for every seven to ten lines of code they develop.”

From W. S. Humphrey, "Using a Defined and Measured Personal Software Process," IEEE Software, May, 1996

Seven axes of code quality

Monitoring and fixing code quality issues is proven to raise both the quality of your application and your ability to deliver that application to stakeholders on time.

SONARQUBE

• What is SonarQube
• Code quality
• Features
• Benefits
• Strength of the platform

SonarQube

• Platform to manage code quality.
• Open source, possible to pay for support and some plug-ins.
• Active community support, plug-ins, books

Do You Fix Code Quality Problems?

What is good code?

Features

• Platform independent: runs on Windows, Mac OS X, Linux, Solaris.
• Server is fairly lightweight.
• Plug-in architecture
• Vibrant community extending Sonar functionalities
• Plug-ins for nearly every language you can expect.
• Plug-ins providing additional metrics, including total quality, technical debt and more.

Strength of the platform

• Total cost of ownership
• Functional coverage
• Continuous inspection
• Actionable reporting
• Interaction
• Strong community
• Languages coverage
• Extensibility

20+ Programming Languages

• Java
• C
• JavaScript
• C++
• PHP
• C#
• VB.Net
• COBOL

SonarQube architecture

SonarQube Architecture

• User runs client to analyze source
• Analyzer sends data on source files to database
• Web server provides presentation for violation data, administration for users and analyses, configuration of plug-ins, features and functionalities.

COVERITY

What Is Coverity?

Coverity Static Analysis (CSA) helps developers find hard-to-spot, yet potentially crash-causing defects early in the software development life-cycle, reducing the cost, time, and risk of software errors.

What Are The Errors?

• Concurrency defects
• Performance degradation
• Crash-causing errors
• Incorrect program behavior
• Security vulnerabilities

How Coverity Static Analysis Works?

Defects Found by Coverity

Defect Categories

• API usage errors
• Code maintainability issues
• Concurrent data access violations
• Control flow issues
• Error handling issues
• Incorrect expression
• Integer handling issues
• Memory - corruptions
• Memory - illegal accesses
• Null pointer dereferences
• Program hangs
• Resource leaks
• Security best practices violations
• Uninitialized variables

Key Features

• Best of Breed Analysis
• Integration With The Developer Workflow
• Defect Management and Impact Management
• Performance and Scale
• Extensible Platform

Supported Environments

Supported Platforms

• AIX
• FreeBSD
• HP-UX
• Linux
• Mac OS X
• NetBSD
• Solaris
• Windows

Supported Compilers

• ARM
• Cosmic C Cross Compilers
• Freescale Code Warrior
• GNU GCC, G++
• Intel C++
• Keil
• QNX
• Renesas
• Sun (Oracle) CC and cc
• Texas Instruments
• Visual Studio
• WindRiver
• Xcode GCC and G++

Supported IDEs

• Eclipse v3.5, v3.6, v3.7
• WindRiver Workbench v3.2, v3.3
• Visual Studio versions 2005, 2008, and 2010

Minimum System Requirements

• 1 GHz CPU
• 1 GB of RAM minimum, 2 GB recommended
• 1 GB of free hard disk space

Creating An Enforceable Process

Coverity Summary

• Proven significant operational cost reduction.
• Metric visibility of code estate onshore and offshore.
• Proven history of finding crash causing or unexpected behavior causing defects.
• Process improvement of the Application Lifecycle Management.

THANK YOU!!
