Static analysis is any analysis of a program that is performed without executing the program. It can be anything from reviewing source code, to compiling with warnings enabled, to running a spell checker on the documentation. Although static analysis finds defects, most people have had negative experiences with static analysis tools: using them can be a time-consuming, expensive, arbitrary process that generates noise (not defects). But, with careful investigation and thoughtful planning, static analysis tools can be a very cost-effective technique to improve software quality by finding important defects early in the project cycle - and preventing them from re-appearing. This paper will give an overview of static analysis tools, describe the benefits and drawbacks of using them, show how to define a static analysis process, and provide tips based on my experience.