Experiences with program static analysis

Abstract

Conventionally, software quality has been measured mainly by the number of test items, the test coverage, and the number of faults in the test phase. This approach of relying heavily on testing is not satisfactory from a quality assurance viewpoint. Since software is becoming larger and more complex, quality must be assured from the early phases, such as requirements analysis, design and coding. Code reviews are effective to build in software quality from the coding phase. However, for a large-scale software development, there are limitations in covering all the programs. The advantage of using static analysis tools is the capability to detect fault-prone programs easily and automatically. We describe the effective use of a static analysis tool, and show the effectiveness of the static analysis technique.