When, Why and How to Leverage Source Code Analysis Tools

August 31, 2011 // By Gwyn Fisher, Klocwork
Automated source code analysis is a technology aimed at locating and describing areas of weakness in source code. Those weaknesses might be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or many other types of problem-causing code. Static analysis is differentiated from more traditional dynamic analysis techniques, such as unit or penetration testing, by the fact that the work is performed at build time using only the source code of the program or module in question. The results reported are therefore generated from a complete view of every possible execution path, rather than from some aspect of necessarily limited observed runtime behavior. Download this paper to gain a complete understanding of this technology, the benefits it offers, and the types of defects it can detect.
Klocwork, Source Code Analysis Tools, C, C++, Java