Practical experience and evaluation of continuous code static analysis with C++Test

JAMAICA 2013 Pub Date : 2013-07-15 DOI:10.1145/2489280.2489290

Vincenzo Ciriello, G. Carrozza, S. Rosati

{"title":"Practical experience and evaluation of continuous code static analysis with C++Test","authors":"Vincenzo Ciriello, G. Carrozza, S. Rosati","doi":"10.1145/2489280.2489290","DOIUrl":null,"url":null,"abstract":"The static code analysis tools are a fundamental instruments to validate the developed code. They allow detecting bugs (as memory leak, accessing arrays out of bounds, etc.. ), structural errors and preventing entire classes of errors. This work refers to the Parasoft's tool \"C++test\". It helps developers prevent and eliminate defects using rules tuned to nd code patterns that lead to reliability, performance, and security problems. To be practical, the static analysis must be seamlessly in- tegrated into the team's work- ow. The \"`continuous static analysis\"' allows executing automatically the analysis when the new code is released. In this way is possible to realize a further automation in the software development executing the tool during the night or weekend. The time saved to run the tool can be used to analyze and correct the bugs. When you deal with static analysis, it's important to under- line the problem of false positive. It would be attractive if we could develop a tool that could intercept all defects in a given piece of software with certainty. Not all real errors can always be caught, and not all errors caught can always be real. This work presents a quantitative evaluation on the percentile of false positive generated by C++test.","PeriodicalId":203209,"journal":{"name":"JAMAICA 2013","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"JAMAICA 2013","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2489280.2489290","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

The static code analysis tools are a fundamental instruments to validate the developed code. They allow detecting bugs (as memory leak, accessing arrays out of bounds, etc.. ), structural errors and preventing entire classes of errors. This work refers to the Parasoft's tool "C++test". It helps developers prevent and eliminate defects using rules tuned to nd code patterns that lead to reliability, performance, and security problems. To be practical, the static analysis must be seamlessly in- tegrated into the team's work- ow. The "`continuous static analysis"' allows executing automatically the analysis when the new code is released. In this way is possible to realize a further automation in the software development executing the tool during the night or weekend. The time saved to run the tool can be used to analyze and correct the bugs. When you deal with static analysis, it's important to under- line the problem of false positive. It would be attractive if we could develop a tool that could intercept all defects in a given piece of software with certainty. Not all real errors can always be caught, and not all errors caught can always be real. This work presents a quantitative evaluation on the percentile of false positive generated by C++test.

查看原文本刊更多论文

用c++ Test进行连续代码静态分析的实践经验和评价

静态代码分析工具是验证开发代码的基本工具。它们允许检测bug(如内存泄漏、访问超出边界的数组等)。，结构错误和防止整个类型的错误。这项工作参考了Parasoft的工具“c++测试”。它帮助开发人员使用经过调优的规则和代码模式来防止和消除导致可靠性、性能和安全性问题的缺陷。为了实用，静态分析必须无缝地集成到团队的工作流程中。“连续静态分析”允许在新代码发布时自动执行分析。通过这种方式，可以在夜间或周末执行工具的软件开发中实现进一步的自动化。运行工具所节省的时间可以用于分析和纠正错误。当你处理静态分析时，重要的是要注意假阳性的问题。如果我们能够开发出一种工具，能够在给定的软件中截获所有的缺陷，这将是很有吸引力的。并不是所有真实的错误都能被发现，也不是所有被发现的错误都是真实的。本文对c++测试产生的假阳性百分比进行了定量评价。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

JAMAICA 2013

自引率

0.00%

发文量