Static code analysis

Citations Over TimeTop 10% of 2006 papers

Abstract

Programmers usually employ static checkers, it checks our programs for errors without executing them, in a process called static code analysis. In this way, it works with a program that has an initial indication of correctness (because it compiles) and try to avoid well-known traps and pitfalls before measuring it against its specifications (when it's tested). We use FindBugs, a popular open source static code checker for Java. Static code checkers in Java come in two flavors: those that work directly on the program source code and those that work on the compiled bytecode. Although each code checker works in its own way, most share some basic traits. They read the program and construct some model of it, a kind of abstract representation that they can use for matching the error patterns they recognize. They also perform some kind of data-flow analysis, trying to infer the possible values that variables might have at certain points in the program. Data-flow analysis is especially important for vulnerability checking, an increasingly important area for code checkers

Related Papers

• → Learning to Generate Pseudo-Code from Source Code Using Statistical Machine Translation(2015)260 cited
• → Identifying Auto-Generated Code by Using Machine Learning Techniques(2016)19 cited
• → Reusing and converting code clones to aspects - An algorithmic approach(2012)1 cited
• → Code Coverage and Fuzzing(2007)
• Evaluation of the efficiency and fault density of software generated by code generators