
Static Code Analysis

Static code analysis examines code without executing it. It is usually very fast to run, requires little effort to add to a workflow, and uncovers common mistakes. Its main limitation is that its rules are generic rather than tailored to your code.

Code Complexity

One way to measure code complexity is the cyclomatic complexity, also called McCabe complexity as defined in A Complexity Measure:

CC = E - N + 2*P

where E is the number of edges and N the number of nodes in the control flow graph, and P is the number of condition-nodes (if-statements, while/for loops).

Cyclomatic complexity is a software metric used to indicate the complexity of a program. It is a quantitative measure of the number of linearly independent paths through a program's source code. It was developed by Thomas J. McCabe, Sr. in 1976.

Cyclomatic complexity is computed using the control flow graph of the program: the nodes of the graph correspond to indivisible groups of commands of a program, and a directed edge connects two nodes if the second command might be executed immediately after the first command. Cyclomatic complexity may also be applied to individual functions, modules, methods or classes within a program.

One testing strategy, called basis path testing by McCabe who first proposed it, is to test each linearly independent path through the program; in this case, the number of test cases will equal the cyclomatic complexity of the program.

https://en.wikipedia.org/wiki/Cyclomatic_complexity
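As an added example (not from the page or from McCabe's paper), the block below computes cyclomatic complexity two ways for one constructed Python function: once with CC = E - N + 2P on a hand-built control flow graph, and once by counting decision points in the AST and adding one. In the graph formula the code follows McCabe's paper, where P is the number of connected components (one per function analysed); for a single function both methods give the same number. The sample function, its adjacency-list graph and the `DECISION_NODES` tuple are all constructed for this example.

```python
import ast

# Constructed sample function (not from the page); the decision points are
# annotated so the two counting methods below can be compared by hand.
SAMPLE_SOURCE = '''\
def classify(x, y):
    if x > 0 and y > 0:     # if + short-circuit "and": 2 decisions
        return "both"
    for i in range(x):      # loop header: 1 decision
        if i % 2:           # 1 decision
            continue
    while y:                # loop header: 1 decision
        y -= 1
    return "done"
'''

# Hand-built control flow graph of classify() as adjacency lists (constructed
# to match the source above). Each key is a basic block; each value lists the
# blocks that may execute immediately after it.
SAMPLE_CFG = {
    "entry": ["x>0"],
    "x>0": ["y>0", "for"],
    "y>0": ["return both", "for"],
    "return both": ["exit"],
    "for": ["i%2", "while"],
    "i%2": ["continue", "for"],
    "continue": ["for"],
    "while": ["y-=1", "return done"],
    "y-=1": ["while"],
    "return done": ["exit"],
    "exit": [],
}

# AST node types that add a linearly independent path (assumption: this list
# mirrors what common Python complexity checkers count).
DECISION_NODES = (ast.If, ast.IfExp, ast.For, ast.AsyncFor, ast.While,
                  ast.ExceptHandler, ast.comprehension)


def cyclomatic_from_cfg(cfg, components=1):
    """CC = E - N + 2P on an explicit graph. P is the number of connected
    components (one per function), as in McCabe's paper."""
    nodes = set(cfg)
    for targets in cfg.values():
        nodes.update(targets)
    edges = sum(len(targets) for targets in cfg.values())
    return edges - len(nodes) + 2 * components


def cyclomatic_from_source(source):
    """Shortcut for a single function: count decision points and add one.
    Returns {function_name: complexity}."""
    result = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        decisions = 0
        for sub in ast.walk(node):
            if isinstance(sub, DECISION_NODES):
                decisions += 1
            elif isinstance(sub, ast.BoolOp):
                # "a and b and c" short-circuits twice: one decision per operator
                decisions += len(sub.values) - 1
        result[node.name] = decisions + 1
    return result


if __name__ == "__main__":
    print("graph formula:", cyclomatic_from_cfg(SAMPLE_CFG))            # 6
    print("decision count:", cyclomatic_from_source(SAMPLE_SOURCE))     # {'classify': 6}
```

The graph has 11 nodes and 15 edges, so 15 - 11 + 2 = 6; the AST walk finds five decision points (two `if`s, the `and`, the `for` and the `while`) and also reports 6. Basis path testing would therefore need six test cases to cover every linearly independent path through `classify`.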

Test & Code Coverage

In computer science, test coverage is a measure used to describe the degree to which the source code of a program is executed when a particular test suite runs. A program with high test coverage, measured as a percentage, has had more of its source code executed during testing, which suggests it has a lower chance of containing undetected software bugs compared to a program with low test coverage. Many different metrics can be used to calculate test coverage; some of the most basic are the percentage of program subroutines and the percentage of program statements called during execution of the test suite.

Test coverage was among the first methods invented for systematic software testing. Code Coverage is a measurement of how many lines/blocks/arcs of your code are executed while the automated tests are running.

Code coverage is collected by using a specialized tool to instrument the binaries with tracing calls and then running the full set of automated tests against the instrumented product. A good tool reports not only the percentage of the code that is executed, but also lets you drill into the data and see exactly which lines of code were executed during a particular test.

Code Coverage = (Number of lines of code exercised) / (Total Number of lines of code) * 100%

The following are the types of code coverage analysis:

  • Statement coverage and Block coverage (Line coverage)
  • Function coverage
  • Function call coverage
  • Branch coverage
  • Modified condition/decision coverage

Knowing the percentage of code that is covered by tests can help developers assess the quality of their test cases, add the missing tests, and thereby find and remove software faults.

https://codecov.io
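The instrumentation-and-trace loop described above, reduced to its core as an added example (not from the page or from any coverage tool): the block installs a `sys.settrace` hook that records every line event in one function's frame, takes the set of executable lines from the compiled code object's line table, and reports line coverage with the formula given on the page. The target function `sample_target` and the inputs are constructed for this example; a real tool does the same over a whole process and many test cases.

```python
import dis
import sys


# Constructed target function (not from the page): three paths and five
# executable lines, so partial test inputs leave visible gaps.
def sample_target(x):
    if x > 10:
        return "big"
    elif x > 0:
        return "small"
    return "non-positive"


def executable_lines(func):
    """Lines the compiler emitted bytecode for, read from the code object's
    line table; the def line itself is excluded so every Python version
    yields the same set."""
    code = func.__code__
    lines = {line for _, line in dis.findlinestarts(code) if line is not None}
    lines.discard(code.co_firstlineno)
    return lines


def trace_lines(func, *args):
    """Run func once under sys.settrace and record each line event raised
    inside its frame; this is the tracing hook a coverage tool installs."""
    code = func.__code__
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                 # ignore frames of other functions
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer                   # keep tracing this frame

    sys.settrace(tracer)
    try:
        func(*args)
    finally:
        sys.settrace(None)
    return executed


def line_coverage(func, inputs):
    """Union the lines hit by every test input and report the percentage as
    the page defines it: exercised lines / total lines * 100."""
    total = executable_lines(func)
    hit = set()
    for args in inputs:
        hit |= trace_lines(func, *args) & total
    percent = round(100.0 * len(hit) / len(total), 1)
    return {"percent": percent, "missed": sorted(total - hit)}


if __name__ == "__main__":
    print(line_coverage(sample_target, [(5,)]))                 # 60.0%
    print(line_coverage(sample_target, [(20,), (-1,)]))         # 80.0%, 'return "small"' missed
    print(line_coverage(sample_target, [(20,), (5,), (-1,)]))   # 100.0%
```

The `missed` list is the drill-down the page mentions: with inputs 20 and -1 every branch header runs but the `return "small"` line never does, which is exactly the kind of gap a percentage alone hides. Line coverage also says nothing about the untaken side of a condition, which is why branch and MC/DC coverage exist as separate metrics.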

Lint / Linting / Linter

In computer programming, lint is a Unix utility that flags suspicious and non-portable constructs (likely to be bugs) in C language source code; generically, lint or a linter is any tool that flags suspicious usage in software written in any computer language.

Code linting is the act of finding bugs, stylistic errors, and suspicious constructs from static code analysis.

Uses:

  • Flagging bugs in your code from syntax errors
  • Giving you warnings when code may not be intuitive
  • Providing suggestions for common best practices
  • Keeping track of TODOs and FIXMEs
  • Keeping a consistent code style

https://www.freecodecamp.org/news/dont-just-lint-your-code-fix-it-with-prettier

Code Validator / Linter / Analysis - https://deepsource.io
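To show what a linter actually does under the hood, here is an added example (not from the page or from any of the tools linked above): a small AST-based linter that flags a few suspicious constructs (mutable default arguments, bare `except`, `eval`/`exec`, `subprocess` calls with `shell=True`) and uses the tokenizer to track TODO/FIXME comments, since comments never reach the AST. The sample source, the rule ids and the messages are all constructed for this example.

```python
import ast
import io
import tokenize

# Constructed sample with one finding per line (not from the page).
SAMPLE_SOURCE = '''\
import subprocess
def run(cmd, extra=[]):  # TODO: validate cmd before use
    try:
        return subprocess.run(cmd + " " + " ".join(extra), shell=True)
    except:
        return eval("None")
'''


def call_name(func):
    """Dotted name of a call target, e.g. 'subprocess.run'; '' if dynamic."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return call_name(func.value) + "." + func.attr
    return ""


class Linter(ast.NodeVisitor):
    """Collects (line, rule, message) findings; the rule ids are made up."""

    def __init__(self):
        self.findings = []

    def report(self, node, rule, message):
        self.findings.append((node.lineno, rule, message))

    def visit_FunctionDef(self, node):
        # kw_defaults may contain None for keyword-only args without defaults
        for default in node.args.defaults + node.args.kw_defaults:
            if isinstance(default, (ast.List, ast.Dict, ast.Set)):
                self.report(default, "mutable-default",
                            "mutable default argument is shared between calls")
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        if node.type is None:
            self.report(node, "bare-except", "bare except hides every error")
        self.generic_visit(node)

    def visit_Call(self, node):
        name = call_name(node.func)
        if name in ("eval", "exec"):
            self.report(node, "eval-exec", f"{name}() runs arbitrary code")
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.report(node, "shell-true",
                                "shell=True passes the command through a shell")
        self.generic_visit(node)


def todo_markers(source):
    """Comments are not part of the AST, so TODO/FIXME tracking tokenizes."""
    found = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT and ("TODO" in tok.string or "FIXME" in tok.string):
            found.append((tok.start[0], "todo", tok.string.lstrip("# ")))
    return found


def lint(source):
    """Return all findings sorted by line number."""
    linter = Linter()
    linter.visit(ast.parse(source))
    return sorted(linter.findings + todo_markers(source))


if __name__ == "__main__":
    for line, rule, message in lint(SAMPLE_SOURCE):
        print(f"{line}: [{rule}] {message}")
```

Each rule is purely syntactic: the linter never runs the code and cannot know whether `cmd` is attacker-controlled, which is the "not tailored to your code" limitation from the top of the page. That is also why a finding like `shell-true` is a prompt for review rather than proof of a vulnerability.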

Application Inspector

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. It has received attention on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more, and was first featured on Microsoft.com. Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection, including features that impact security such as the use of cryptography. This can be extremely helpful in reducing the time needed to determine what open source or other components do by examining the source directly rather than trusting limited documentation or recommendations.

The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more, and can scan projects with mixed-language files. It also includes HTML, JSON and text output formats, with the default being an HTML report similar to the one shown here.

https://github.com/Microsoft/ApplicationInspector

SonarQube (Continuous Code Quality Inspector)

SonarQube (formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.

SonarQube can record metrics history and provides evolution graphs. SonarQube provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).

https://en.wikipedia.org/wiki/SonarQube

https://www.sonarqube.org
