The Evolution of Source Code Analysis

Automated source code analysis (SCA) technology is designed to locate and describe areas of weakness in software source code. Those weaknesses may be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or any number of other types of problem-causing code. Static source code analysis is distinct from more traditional dynamic analysis techniques, such as unit or penetration tests, since the work is performed at build time using only the source code of the program or module in question. The results reported are therefore generated from a complete view of every possible execution path, rather than some aspect of a necessarily limited observed runtime behavior.

The underlying technology associated with SCA is called Static Analysis and the current generation of technology solutions is capable of providing sophisticated, high-value analysis that will identify critical bugs and security vulnerabilities in code that can potentially cause system crashes, hacker exploits or affect the overall reliability of mission-critical software. As a result of recent innovations in this domain, organizations that develop mission-critical software are adopting SCA technology as a standard milestone of their integration build during pre-quality assurance (QA) activities. This has proven to be a useful stage at which to perform static analysis and has provided benefit in terms of accuracy and comprehension. However, build-time analysis suffers from an inherent weakness: code has already been committed to a source branch, so by the time a bug is discovered it is already impacting other members of the development organization and other elements of the system.

Professional software development organizations are now looking to better integrate static analysis technology into their software development processes and to implement this capability as early as possible in the software development process rather than strictly as a build milestone activity. Reduced costs, better QA efficiency, and significantly improved software products are all benefits to organizations that are able to move high-quality source code analysis and software quality tools to the earliest point in the coding phase: the developer's desktop.

This paper examines the evolution of source code analysis from developer desktop to integration/build and beyond, and describes how Klocwork Insight uses revolutionary new technology to be the first to take the next step in that evolution.

First Generation Source Code Analysis: A Developer's Tool

The technology behind source code analysis, static analysis, has been around almost as long as modern software development practices. Fundamentally, the technology is a derivative of the compilation process, and for almost 30 years tools such as lint have been available to developers to run against their code.

Second Generation Source Code Analysis: The Comeback Kid

Realizing the limits of the first generation of source code analysis technology, a new generation of tools emerged in the early 2000s. These tools extended the analysis beyond syntactical and semantic analyses to include sophisticated inter-procedural control- and data-flow analysis and new approaches for pruning false paths, estimating the values that variables will assume, and simulating potential runtime behavior.
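To make the second-generation techniques concrete, here is an added toy analyzer (my own illustration for this page, not Klocwork's code) that does forward constant propagation over Python functions and prunes an `if` branch whose condition is a statically known constant, so a dereference of a None-valued name on a dead path is not reported while one on a feasible path is. The sample function, and the `connect()` it calls, are constructed placeholders.

```python
import ast

UNKNOWN = object()  # "value not statically known": top of the constant lattice

def _merge(a, b):  # join two environments at a control-flow merge point
    return {k: (a[k] if k in a and k in b and a[k] == b[k] else UNKNOWN)
            for k in set(a) | set(b)}
def _none_derefs(stmt, env):  # lines where a name known to be None is dereferenced
    return [n.lineno for n in ast.walk(stmt)
            if isinstance(n, ast.Attribute) and isinstance(n.value, ast.Name)
            and env.get(n.value.id, UNKNOWN) is None]
def _analyze(stmts, env, findings, prune):
    """Forward walk with constant propagation over assignments and if/else."""
    for s in stmts:
        if isinstance(s, ast.If):
            cond = env.get(s.test.id, UNKNOWN) if prune and isinstance(s.test, ast.Name) else UNKNOWN
            if cond is UNKNOWN:  # condition unknown: both branches feasible, join after
                env = _merge(_analyze(s.body, dict(env), findings, prune),
                             _analyze(s.orelse, dict(env), findings, prune))
            else:                # constant condition: the other branch is a false path
                env = _analyze(s.body if cond else s.orelse, env, findings, prune)
            continue
        findings.extend(_none_derefs(s, env))
        if isinstance(s, ast.Assign):  # a literal is tracked; a call or expression is UNKNOWN
            for t in s.targets:
                if isinstance(t, ast.Name):
                    env[t.id] = s.value.value if isinstance(s.value, ast.Constant) else UNKNOWN
    return env

def find_none_derefs(source, prune=True):
    """Sorted line numbers of attribute accesses on names known to be None along
    a feasible path; prune=False analyzes every branch regardless of feasibility."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            _analyze(fn.body, {}, findings, prune)
    return sorted(set(findings))

# Constructed sample (not from the paper); connect() is a placeholder name.
SAMPLE = '''
def handler(request):
    conn = None
    debug = 0
    if debug:
        conn.trace()   # line 6: dead path, debug is the constant 0
    if request:
        conn = connect()
    else:
        conn.close()   # line 10: feasible path, conn is still None here
'''
```

Only straight-line code and `if`/`else` are modeled, and the join loses "may be None" information, which is the kind of imprecision the value-estimation work mentioned above exists to reduce.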

Third Generation Source Code Analysis: Klocwork Insight

Klocwork Insight is the first source code analysis product that allows developers to take control of the analysis process while also benefiting from the accuracy and value of centralized analysis - with none of the downstream auditing that second-generation techniques required.

About Klocwork

Klocwork is an enterprise software company providing automated source code analysis products that automate security vulnerability and quality risk assessment, remediation and measurement for C, C++ and Java software. More than 200 organizations have integrated Klocwork's automated source code analysis tools into their development process, thereby:

  • Reducing risk by assuring their code is free of mission-critical flaws
  • Reducing cost by catching issues early in the development cycle
  • Freeing developers to focus on what they do best - innovate

Gwyn Fisher is the CTO of Klocwork, leading developer of automated source code inspection in FDA software validation. With Klocwork, he is responsible for guiding the company's technical direction and strategy. With nearly 20 years of global technology experience, Gwyn brings a valuable combination of vision, experience, and direct insight into the developer perspective.
