A few weeks ago, I spoke with Mark Donsky, Director of Product Management, and Dave Peterson, Chief Marketing Officer, of Coverity to learn a little more about static analysis, particularly how it can help developers and how Coverity's product, Coverity Prevent Static Analysis, fits into the marketplace. Coverity also performs a regular scanning of various open source projects, which has yielded some interesting results.
Static analysis is when you examine code to look for patterns without compiling the code. Early static analysis applications only checked the style of code for things such as variable naming, but modern static analysis tools do much more. For example, static analysis tools are able to look for patterns that will lead to performance issues or security holes. Using a static analysis program can significantly improve the quality of your code, although it will never be a replacement for a code review by an experienced developer.
Coverity's tools look for the things that a QA team either will not find or would work very hard to find. Compared to other tools on the market, Coverity uses a significantly more sophisticated analysis that covers many more types of defects and has a lower rate of false positives. Lowering the rate of false positives is important because it wastes time for developers to check them out, and eventually the software gets ignored as a "boy who cried wolf." To reduce the false positive rate, Coverity's tools also perform path simulation, inter-procedural analysis, and check Boolean Satisfiability (SAT), which verifies if a found defect can be triggered in usage.
Visit the Coverity site for more information and to learn about the free trial of Coverity Prevent Static Analysis.
J.JaDisclosure of Justin's industry affiliations: Justin James has a contract with Spiceworks to write product buying guides.
———————————————————————————————————————————-Get weekly development tips in your inbox Keep your developer skills sharp by signing up for TechRepublic's free Web Developer newsletter, delivered each Tuesday. Automatically subscribe today!
Justin James is an OutSystems MVP, architect, and developer with expertise in SaaS applications and enterprise applications.