Static analysis

Introduction

In general, a static analysis is an analysis of the code that does not require the code to execute. Static analysis tools that can be used used for this purpose are QAC , QACPP or splint .

Input criteria

The source code compiles without warnings 15 Static analysis&The source code compiles without warnings&\ \hline

Motivation

Static analysis is the most efficient testing technique that is applied to the source code. It allows finding defects in an early stage of development as the code does not have to be completed. Also a static analysis can be executed before any other code related to the source code under test, is implemented. About 40% of the defects can be located using static analysis.

Process flow

Figure 2.1: Flow chart for static analysis

The static analysis is executed using a static analysis tool. These are tools that analyze source code and issues the warnings that were located. Warnings are evaluated after the automated analysis. When a warning was issued by the static analysis tool, this warning must either be solved or suppressed. This depends on the significance and the fixing effort of the warning which is judged by the author of the source code. A suppression can be added to the source code when needed. The suppressions will be evaluated during the code review. This will cause the static analysis tool to skip the warning from the warning list. This way, a zero warning policy is introduced: no warnings are allowed after static analysis.

Exit criteria

After static analysis, no warnings must be issued by the static analysis tool 15 Static analysis&After static analysis, no warnings must be issued by the static analysis tool&\ \hline

Each suppression must be commented in the source code 15 Static analysis&Each suppression must be commented in the source code&\ \hline