The Evolution of Source Code Analysis
Since the early 1980s, source code analysis has evolved from isolated desktop analysis to broad system-level analysis with constant progress being made in terms of the accuracy of the analysis and criticality of bugs that can be found. Each approach has benefits and drawbacks.
Author: Gwyn Fisher
The underlying technology associated with source code analysis (SCA) is called static analysis, and the current generation of technology solutions is capable of providing sophisticated, high-value analysis that will identify critical bugs and security vulnerabilities in code that can potentially cause system crashes, hacker exploits or affect the overall reliability of mission-critical software. As a result of recent innovations in this domain, organizations that develop mission-critical software are adopting SCA technology as a standard milestone of their integration build during pre-quality assurance (QA) activities. This has proven to be a useful stage at which to perform static analysis and has provided benefit in terms of accuracy and comprehension. However, build-time analysis suffers from an inherent weakness: code has already been committed to a source branch, so by the time a bug is discovered it is already impacting other members of the development organization and other elements of the system.
Professional software development organizations are now looking to better integrate static analysis technology into their software development processes and to implement this capability as early as possible in the software development process rather than strictly as a build milestone activity. Reduced costs, better QA efficiency, and significantly improved software products are all benefits to organizations that are able to move high-quality source code analysis and software quality tools to the earliest point in the coding phase: the developer’s desktop.
This paper examines the evolution of source code analysis from developer desktop to integration/build and beyond, and describes how Klocwork Insight uses revolutionary new technology to be the first to take the next step in that evolution.
First Generation Source Code Analysis: A Developer’s Tool
The technology behind source code analysis – static analysis – has been around almost as long as modern software development practices. Fundamentally, the technology is a derivative of the compilation process, and for almost 30 years tools such as lint have been available to developers to run against their code.
Second Generation Source Code Analysis: The Comeback Kid
Realizing the limits of the first generation of source code analysis technology, a new generation of tools emerged in the early 2000s. These tools extended the analysis beyond syntactical and semantic analyses to include sophisticated inter-procedural control- and data-flow analysis and new approaches for pruning false paths, estimating the values that variables will assume, and simulating potential runtime behavior.
Third Generation Source Code Analysis: Klocwork Insight
Klocwork Insight is the first source code analysis product that allows developers to take control of the analysis process while also benefiting from the accuracy and value of centralized analysis - with none of the downstream auditing that second-generation techniques required.
About Klocwork
Klocwork is an enterprise software company providing automated source code analysis products that automate security vulnerability and quality risk assessment, remediation and measurement for C, C++ and Java software. More than 200 organizations have integrated Klocwork's automated source code analysis tools into their development process, thereby:
• Reducing risk by assuring their code is free of mission-critical flaws
• Reducing cost by catching issues early in the development cycle
• Freeing developers to focus on what they do best - innovate
About Author
Gwyn Fisher is the CTO of Klocwork, leading developer of automated source code inspection and expert in FDA software validation. With Klocwork, he is responsible for guiding the company’s technical direction and strategy. With nearly 20 years of global technology experience, Gwyn brings a valuable combination of vision, experience, and direct insight into the developer perspective. http://www.klocwork.com/solutions/fdaSoftwareValidation.asp
www.klocwork.com/products/insightArchitecture.asp
Article Source:
http://www.1888articles.com/author-gwyn-fisher-15935.html

