What is static source code analysis?
Static source code analysis is the process by which software developers check their code for problems and inconsistencies before compiling.
Organizations can automate the source code analysis process by implementing a tool that automatically analyzes the entire program, generates charts and reports that graphically present the analysis results, and recommends potential resolutions to identified problems.
Static analysis tools scan the source code and automatically detect errors that typically pass through compilers and become latent problems, including the following:
- Unreachable code
- Unconditional branches into loops
- Undeclared variables
- Uninitialized variables
- Parameter type mismatches
- Uncalled functions and procedures
- Variables used before initialization
- Non-usage of function results
- Possible array bound errors
- Misuse of pointers
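
As an added illustration (not part of the original page and not the code of any particular tool), the following Python checker uses the standard ast module to detect three of the listed classes without running the program: unreachable code, uncalled functions, and non-usage of function results. The sample program, the analyze function and the finding messages are constructed for this example.

```python
import ast

# Constructed sample input seeded with three of the defect classes listed above.
SAMPLE = '''
def compute(x):
    return x * 2
    print("never runs")

def helper():
    return 1

def main():
    compute(3)
    value = compute(4)
    return value

result = main()
'''

TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def analyze(source):
    """Return sorted (line, finding) tuples for three defect classes."""
    tree = ast.parse(source)
    findings = []
    defined = {n.name: n.lineno for n in ast.walk(tree)
               if isinstance(n, ast.FunctionDef)}
    called = {n.func.id for n in ast.walk(tree)
              if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)}
    for node in ast.walk(tree):
        # Unreachable code: a statement right after return/raise/break/continue.
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list):
                continue
            for prev, stmt in zip(block, block[1:]):
                if isinstance(prev, TERMINATORS):
                    findings.append((stmt.lineno, "unreachable code"))
                    break
        # Non-usage of function results: bare call to a locally defined function.
        if (isinstance(node, ast.Expr) and isinstance(node.value, ast.Call)
                and isinstance(node.value.func, ast.Name)
                and node.value.func.id in defined):
            findings.append((node.lineno, f"result of {node.value.func.id}() unused"))
    # Uncalled functions: defined but never the target of a direct call.
    for name, line in defined.items():
        if name not in called:
            findings.append((line, f"function {name}() is never called"))
    return sorted(findings)
```

The checker only resolves direct calls by name, so functions invoked through attributes, callbacks or decorators would be reported as uncalled; production tools add data-flow and call-graph analysis to reduce such false positives.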