What are static analysis tools?

Static analysis tools are typically used by the developers before and sometimes during component and integration testing.

  • They are also used by designers during software modeling.
  • A compiler can be considered a static analysis tool because it builds a symbol table, points out incorrect usage and checks for non-compliance with the language's conventions or syntax.

The various features of static analysis tools are discussed below, with a special focus on static code analysis tools because they are the most common in day-to-day practice.
The features of static code analysis tools are as follows:

  1. Coding standards: A coding standard consists of a set of programming rules, naming conventions (e.g. Classes should start with capital C) and layout specifications (e.g. Indent 4 spaces towards right). The main advantage of this is that it saves lots of effort. The added advantage of adopting this approach is that if we take a well-known coding standard, there will probably be checking tools available that support that standard. Without such tools, the enforcement of a coding standard in an organization is likely to fail because the number of rules in the coding standard is so large that nobody can remember them all. Another reason is that if people spend time checking coding standards in reviews, that will distract them from other defects they might otherwise find, making the review process less effective.

  2. Code metrics: Code metrics are measurements such as depth of nesting, cyclomatic number and number of lines of code. This information can be computed not only as the design and code are being created but also during the changes that are made to the system, to see if the design or code is becoming bigger, more complex and more difficult to understand and maintain. The measurements also help us to decide between several design alternatives. There are many different types of structural measures. One of them is the cyclomatic complexity metric, which is based on the number of decisions in a program. It is important to testers because it provides an indication of the amount of testing needed. There are many ways to calculate cyclomatic complexity, but the easiest way is to sum the number of binary decision statements (e.g. if, while, for, etc.) and add 1 to it.

For example, below is a simple program:
IF A=360
THEN IF B>C
THEN A=B
ELSE A=C
ENDIF
ENDIF
Print A

The program above has 2 IF conditions. Adding 1 to that gives a cyclomatic complexity of 2+1=3.

We can also calculate the cyclomatic complexity using the control flow graph.
In the control flow shown below there are 7 nodes (shapes) and 8 edges (lines). Using the formula (no. of edges - no. of nodes) + 2, we get (8-7)+2 = 1+2 = 3.

[Figure: control flow]
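Both calculations described above, written out as an added Python example (not part of the original article). The Python translation of the sample program and the node labels of the graph are constructed here; the graph is one 7-node, 8-edge layout consistent with the counts given in the text.

```python
import ast

# Python translation of the article's pseudocode (constructed for this example).
SAMPLE = """
def pick(a, b, c):
    if a == 360:
        if b > c:
            a = b
        else:
            a = c
    print(a)
"""

# Statement types counted as binary decisions (if, while, for).
DECISION_NODES = (ast.If, ast.While, ast.For, ast.AsyncFor)


def complexity_by_decisions(source: str) -> int:
    """Cyclomatic complexity as (number of binary decision statements) + 1."""
    tree = ast.parse(source)
    decisions = sum(isinstance(node, DECISION_NODES) for node in ast.walk(tree))
    return decisions + 1


# Control flow graph of the same program as an adjacency list (constructed labels).
CFG = {
    "IF A=360": ["IF B>C", "outer ENDIF"],
    "IF B>C": ["A=B", "A=C"],
    "A=B": ["inner ENDIF"],
    "A=C": ["inner ENDIF"],
    "inner ENDIF": ["outer ENDIF"],
    "outer ENDIF": ["Print A"],
    "Print A": [],
}


def complexity_by_graph(cfg: dict) -> int:
    """Cyclomatic complexity as edges - nodes + 2 for one connected graph."""
    nodes = set(cfg) | {t for targets in cfg.values() for t in targets}
    edges = sum(len(targets) for targets in cfg.values())
    return edges - len(nodes) + 2


if __name__ == "__main__":
    print("decisions + 1     :", complexity_by_decisions(SAMPLE))
    print("edges - nodes + 2 :", complexity_by_graph(CFG))
```

Note that an `elif` branch is parsed as a nested `if`, so it counts as one more decision.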

  3. Code structure: Code structure tells us about the effort required to write the code in the first place, to understand the code while making a change, or to test the code using particular tools or techniques. There are several aspects of code structure to consider:

  • Control flow structure: It addresses the sequence in which the instructions are executed.
  • Data flow structure: It follows the track of the data item as it is accessed and modified by the code.
  • Data structure: It refers to the organization of the data itself, independent of the program.