Study of Static Analysis Methods

Research Project - TYIT Group-A9

Student’s Name Roll Number

Hardik Kangane 741
Nishant Kasbekar 742

Gaurav Kaspate 743

Jagruti Katpara 744

Shivani Kayasth 745

What Is Static Analysis?

➢ Static analysis is best described as a method of

debugging by automatically examining source
code before a program is run.
➢ Static code analysis is performed early in
development, before software testing begins.

➢ For organizations practicing DevOps, static code

analysis takes place during the “Create” phase.
Medium. Com
Why to do Static Analysis?
Static analysis is generally good at finding coding
issues such as:
➢ Programming errors
➢ Coding standard violations

➢ Undefined values

➢ Syntax violations

➢ Security vulnerabilities Perforce.com

 How Static Code Analysis Works ?

1) Write the Code

2) Run a Static Code Analyzer
3) Review the Results
4) Fix What Needs to Be Fixed
5) Move On to Testing

Verifysoft.com
 Types of Static Analysis Methods

Control analysis Data Analysis Fault/failure analysis Interface analysis

Control analysis Method

➢ It focuses on the control flow

in a calling structure.
➢ For example, a control flow
could be a process, function,
method or in a subroutine.

Javatpoint.com
 Data Analysis Method

It makes sure defined data is

properly used while also
making sure data objects are
properly operating.

G2. COM
Fault/failure analysis Method

It analyzes faults and

failures in model
components.

Fixsoftware. com
Interface analysis Method

It verifies simulations to
check the code and makes
sure the interface fits into
the model and simulation.

Geekforgeeks.com
Types of Static Analysis Tools
 How does a Static Analysis tool work?

➢ There needs to be source code to test the quality of it.

➢ Make use of static analysis tools and run a static
code analyzer.
➢ Review the flagged sections that don’t meet the
prescribed ruleset. This may include false positives or
even expected deviations.
➢ Coders address the critical errors first then address
lesser issues.
➢ Progress to the testing phase.

Parasoft.Com
 Benefits of Static Analysis Tools

➢ The best static code analysis tools offer speed, depth,

and accuracy.
➢ It can find weaknesses in the code at the exact
location.
➢ Automated tools can provide mitigation
recommendations, reducing the research time.
➢ It permits weaknesses to be found earlier in the
development life cycle, reducing the cost to fix.

Pvs-studio. Com
Drawbacks of Static Analysis Tools:-

➢ Automated tools do not support all programming languages.

➢ Automated tools produce false positives and false negative.
➢ Automated tools only as good as the rules they are using to
scan with.
➢ It does not find vulnerabilities introduced in the runtime
environment.
Conclusion:-

➢ Static Analysis can be a valuable tool in error detection in the process of software
development.
➢ Great for enforcing code standards.
➢ Although integration may be challenging,they provide substantial cost and time
savings
➢ Comes down to which tool is the best fit for you.
References:-

➔ https://www.perforce.com/blog
➔ https://www.geeksforgeeks.org
➔ https://www.securecodewarrior.com
➔ https://gcn.com
Thank you…😊