CONTINUED BY KARTIK K
Though manual review is a good mechanism for static analysis, a number of tools are available, particularly
for analysis of the source code. These tools make life easier by pointing out a number of defects in
the code, such as:
• Whether the code is as per the coding standards/guidelines.
• Syntax mistakes.
• Declaring a variable and not using it.
• Unreachable code (also called dead code): code which will never be executed is called unreachable code.
• Security vulnerabilities of the code (such as buffer overflow).
• Portability problems (if the code contains machine dependent or operating system dependent features,
then the code is not portable).
• Coding metrics such as:
  • Total number of lines.
  • Ratio of commented lines to uncommented lines (in some organizations the ratio
    should be 1:1).
  • Code complexity (number of function points, number of function calls, etc.).
A number of tools are also available that assist in design, particularly when you use an Object Oriented
Programming language like C++ or Java. In such cases, OOA and OOD tools such as UML tools come in
handy. IBM Rational’s tools belong to this category.
Static analysis tools are used extensively by the developers during the
development phases such as design, implementation, and integration testing.
To give you an idea of the tools, we will discuss two simple utilities available
in the Unix/Linux environment in this section.
Tool for Readability Improvement/Indenting
When you write lengthy programs, indenting the code increases the readability. The shell command indent provides the
automatic indenting feature.
Option   Description
-bad     Blank lines after indentation
-bap     Blank line after each function/procedure body
In some Unix systems, the equivalent command is C beautifier (cb). The command format is:
$cb hello.c
Portability Testing Tool
Testing the portability of C programs is important when the software has to be ported from one platform to another,
for example from a Unix system running on a Pentium platform to a Solaris system running on a SUN SPARC platform.
The "lint" utility available on the Unix/Solaris system can be used to check the portability of the code.
In addition to portability problems, lint also gives messages regarding "bad programming style". The various
messages given by lint include:
• Unused variables and functions.
• Assigning a 'long' variable to an 'int'.
• Variables which are used first and set later.
• Unreachable break statements.
• Function that returns a value which is never used.
• Type casting problems.
• Non-portable character use [for example, if c is a character variable, the code if (c = getchar() < 0) is
not portable].
• Unusual constructs (for example, *p++ does nothing).
• Control statements that never succeed [if x is an unsigned integer, if (x < 0) is never a success].
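The defects named in the two lists above (unused variables and dead code from the first list; the precedence, signedness, narrowing and *p++ messages from the lint list) are shown below in working C, each beside a corrected form. This is an added example, not code from the page or from any particular lint implementation; the stream type, every function name, and the in-memory input buffer are constructed for illustration so that nothing reads stdin.

```c
/* Added example: C functions exhibiting defects a static checker such as lint reports,
 * each beside a corrected version. All identifiers are invented for this illustration. */
#include <stdio.h>
#include <stddef.h>
#include <limits.h>

/* Constructed in-memory byte stream standing in for stdin. */
struct stream {
    const unsigned char *data;
    size_t len;
    size_t pos;
};

/* Behaves like getchar(): next byte as a non-negative int, or EOF when exhausted. */
static int next_byte(struct stream *s)
{
    return s->pos < s->len ? (int)s->data[s->pos++] : EOF;
}

/* Defect: `c = next_byte(s) < 0` parses as `c = (next_byte(s) < 0)`, so c receives
 * 0 or 1 and the byte itself is lost. The outer parentheses only silence the
 * compiler's "assignment used as truth value" warning; the precedence bug is kept.
 * It is also non-portable: where `char` is unsigned, `c < 0` could never be true. */
int first_byte_buggy(struct stream *s)
{
    char c;
    if ((c = next_byte(s) < 0))
        return -1;
    return c;            /* 0 for any real byte, never the byte itself */
}

/* Fix: keep the result in an int, parenthesise the assignment, compare with EOF. */
int first_byte_fixed(struct stream *s)
{
    int c;
    if ((c = next_byte(s)) == EOF)
        return -1;
    return c;
}

/* Non-portable character use: storing EOF in a char and testing `< 0` works only
 * where char is signed. Returns 1 on such platforms and 0 elsewhere. */
int char_eof_test_works(void)
{
    char c = (char)EOF;
    return c < 0;
}

/* Control statement that never succeeds: an unsigned value is never below zero. */
int is_negative_unsigned(unsigned int x)
{
    return x < 0;        /* lint/compiler: comparison is always false */
}

/* Fix: if the quantity can be negative, it must be held in a signed type. */
int is_negative_signed(int x)
{
    return x < 0;
}

/* Assigning a long to an int silently truncates. This checked form stores the value
 * and returns 1 only when it fits, and returns 0 otherwise. */
int long_to_int_checked(long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* Unusual construct: `*p++;` as a statement dereferences p for nothing; only the
 * increment has an effect, so the function returns 1. The unused variable and the
 * statement after `return` are the dead-code cases from the first list. */
size_t useless_deref(const char *s)
{
    const char *p = s;
    int unused = 0;      /* declared but never used */
    *p++;                /* equivalent to p++ */
    return (size_t)(p - s);
    unused = 1;          /* unreachable (dead) code */
}

int main(void)
{
    struct stream a = { (const unsigned char *)"A", 1, 0 };
    struct stream b = { (const unsigned char *)"A", 1, 0 };
    printf("buggy: %d  fixed: %d\n", first_byte_buggy(&a), first_byte_fixed(&b));
    printf("char EOF test usable here: %d\n", char_eof_test_works());
    printf("UINT_MAX < 0 ? %d\n", is_negative_unsigned(UINT_MAX));
    printf("*p++ advanced by %zu\n", useless_deref("abc"));
    return 0;
}
```

Compiling this with warnings enabled reproduces most of the lint messages listed above even without lint itself, which is a useful check when the utility is not installed on a given system.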