Source code analysis (also known as static code analysis) enables software developers and testers to analyze source code for quality and reliability. You can identify and diagnose run-time errors such as overflows, divide by zero, and illegally dereferenced pointers. You can use the resulting metrics to measure and improve software quality. This analysis is also automated, so you can analyze code without executing the program or developing test cases.
Basic source analysis techniques include:
Sophisticated techniques couple source code analysis with formal methods that apply theoretical computer science fundamentals to solve problems such as proving that the software will not fail with a run-time error.
The combination of source code analysis and formal methods lets you detect elusive run-time errors and prove the absence of certain run-time errors. This comprehensive approach makes sure that every failure point in the code is identified as proven to fail, proven not to fail, may never execute (dead code), or unproven.
The Polyspace products are source code analysis tools that use formal methods. You can use them to detect run-time errors and prove the absence of certain run-time errors in C/C++ and Ada source code. They also produce code quality metrics and check your source code for compliance to code standards such as MISRA-C/C++ and JSF++.