Source Code Analysis

What Does Source Code Analysis Mean?

Source code analysis is the automated examination of a program’s source code with the purpose of finding faults so that they can be fixed before the application is sold or distributed.

Source code analysis is synonymous with static code analysis: the source code is examined as code, and the program is not run. It therefore needs no test inputs and no running environment (it complements testing rather than replacing it), and it is not concerned with feature-specific defects such as a button being a different color than the specification says. It concentrates on faults that threaten the program’s proper function, such as a line of code that can crash it.

Techopedia Explains Source Code Analysis

Source code analysis is, in effect, automated code inspection. The aim is to find bugs and faults that may not be obvious to a programmer: possible buffer overflows, unsafe use of pointers, misuse of memory-management and garbage-collection functions, and similar defects, many of which may be exploitable by an attacker.

Code analyzers work from rules that tell them what to look for. With too little precision, an analyzer spews out false positives and floods the user with useless warnings; with too much precision, the analysis may take too long to finish. A balance therefore has to be struck.

There are two kinds of analyzers:

  • Interprocedural – Follows calls from one function to the next and correlates what it finds, so that the analyzer can build a model of the whole program and simulate execution paths across function boundaries.

  • Intraprocedural – Analyzes each function in isolation. It is essentially pattern matching within a function body and depends on what kinds of patterns the user is looking for; a fault whose cause lies in one function and whose effect lies in another is invisible to it.

Interprocedural analyzers are more modern and more complex. Good examples are Coverity, Fortify and Microsoft’s own internal tool PREfix.
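As an added illustration, not part of the original article and not the code of any of the tools named above, here is a small taint-tracking analyzer written in Python over Python’s own ast module. Its rules are three assumed sets: SOURCES (calls that return attacker-controlled data), SINKS (calls that must never receive it) and SANITIZERS (calls that make it safe). In intraprocedural mode it inspects each function by itself; in interprocedural mode it follows calls into user-defined functions, carrying taint through parameters and return values, so the path from input() in read_name() through handler() to os.system() in run() is reported even though no single function contains both ends. The sample program SAMPLE is constructed for the example.

```python
import ast

# Rules (assumed for this example): where attacker-controlled data enters,
# which calls must never receive it, and which calls make it safe.
SOURCES = {"input"}
SINKS = {"eval", "os.system"}
SANITIZERS = {"int"}

# Constructed sample program. The only complete source->sink path inside a
# single function is in local_bug(); the path read_name() -> handler() -> run()
# crosses two call boundaries, and safe_handler() sanitizes its input.
SAMPLE = '''\
import os

def read_name():
    return input("name? ")

def run(cmd):
    os.system("echo " + cmd)

def handler():
    name = read_name()
    run(name)

def safe_handler():
    n = int(input("n? "))
    eval("1 + " + str(n))

def local_bug():
    eval(input("expr? "))
'''


def callee_name(call):
    """Dotted name of the called function, e.g. 'os.system', or None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


class TaintAnalyzer:
    def __init__(self, source, interprocedural):
        tree = ast.parse(source)
        self.funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
        self.interprocedural = interprocedural
        self.findings = []      # (function containing the sink, sink, line)
        self.summaries = {}     # (function, tainted params) -> does it return taint?
        self.in_progress = set()

    def run(self):
        for fn in self.funcs.values():
            self.analyze(fn, frozenset())   # every function is a possible entry point
        return sorted(set(self.findings))

    def analyze(self, fn, tainted_params):
        """Analyze fn with the given parameters tainted; True if it returns taint."""
        key = (fn.name, tainted_params)
        if key in self.summaries:
            return self.summaries[key]
        if key in self.in_progress:     # recursion: assume the callee returns clean data
            return False
        self.in_progress.add(key)
        tainted = set(tainted_params)
        returns_taint = False
        for s in fn.body:
            returns_taint |= self.stmt(fn, s, tainted)
        self.in_progress.discard(key)
        self.summaries[key] = returns_taint
        return returns_taint

    def stmt(self, fn, node, tainted):
        """Process one statement, updating the tainted-variable set; True if it returns taint."""
        if isinstance(node, ast.Assign):
            is_tainted = self.expr(fn, node.value, tainted)
            for target in node.targets:
                if isinstance(target, ast.Name):
                    (tainted.add if is_tainted else tainted.discard)(target.id)
            return False
        if isinstance(node, ast.Expr):
            self.expr(fn, node.value, tainted)
            return False
        if isinstance(node, ast.Return):
            return node.value is not None and self.expr(fn, node.value, tainted)
        # if / for / while / with / try: descend into the bodies, flow-insensitively.
        returns_taint = False
        for field in ("body", "orelse", "finalbody"):
            for sub in getattr(node, field, []):
                returns_taint |= self.stmt(fn, sub, tainted)
        return returns_taint

    def expr(self, fn, node, tainted):
        """True if the expression may carry attacker-controlled data."""
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.Call):
            return self.call(fn, node, tainted)
        # Anything else (concatenation, f-string, subscript, ...) is tainted if any operand is.
        # A list, not a generator, so every operand is visited and no sink call is skipped.
        return any([self.expr(fn, c, tainted)
                    for c in ast.iter_child_nodes(node) if isinstance(c, ast.expr)])

    def call(self, fn, call, tainted):
        name = callee_name(call)
        args_tainted = [self.expr(fn, a, tainted) for a in call.args]
        if name in SINKS and any(args_tainted):
            self.findings.append((fn.name, name, call.lineno))
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        if self.interprocedural and name in self.funcs:
            callee = self.funcs[name]
            params = [p.arg for p in callee.args.args]
            flow = frozenset(p for p, t in zip(params, args_tainted) if t)
            return self.analyze(callee, flow)
        # Not modeled (library call, or any user call in intraprocedural mode):
        # conservatively pass taint through the arguments but add none.
        return any(args_tainted)


def analyze(source, interprocedural):
    """Findings as sorted (function, sink, line) tuples."""
    return TaintAnalyzer(source, interprocedural).run()


if __name__ == "__main__":
    for mode in (False, True):
        print("interprocedural" if mode else "intraprocedural", analyze(SAMPLE, mode))
```

Run as a script, the intraprocedural pass reports only local_bug(), while the interprocedural pass also reports the os.system() call in run(), attributed to the call chain that taints its cmd parameter. The precision trade-off from the paragraph above is visible in the rules: the SANITIZERS rule is what keeps safe_handler() from being a false positive, and the conservative choice to pass taint through unmodeled library calls trades some false positives for not missing real flows.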

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.
