By Topic

Static code analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Louridas, P. ; Greek Res. & Technol. Network

Programmers usually employ static checkers, it checks our programs for errors without executing them, in a process called static code analysis. In this way, it works with a program that has an initial indication of correctness (because it compiles) and try to avoid well-known traps and pitfalls before measuring it against its specifications (when it's tested). We use FindBugs, a popular open source static code checker for Java. Static code checkers in Java come in two flavors: those that work directly on the program source code and those that work on the compiled bytecode. Although each code checker works in its own way, most share some basic traits. They read the program and construct some model of it, a kind of abstract representation that they can use for matching the error patterns they recognize. They also perform some kind of data-flow analysis, trying to infer the possible values that variables might have at certain points in the program. Data-flow analysis is especially important for vulnerability checking, an increasingly important area for code checkers

Published in:

Software, IEEE  (Volume:23 ,  Issue: 4 )