What are static code analyses used for?
Static code analyses deal with the structure of the
source code of software programs. The results of the
analyses, which are almost always supplied automatically
by using appropriate analysis tools, provide a picture of
the size and complexity of the analyzed programs.
The goal of such analyses is not necessarily to provide
pointers to specific errors, but rather to indicate where
the probability of error is
higher due to structural program features and where the
code will be more difficult to maintain and test (e.g.
numerous program branches, greater degree of nesting,
etc.). Code analyses should form part of a code review.
The analysis tools must be capable of handling the
relevant programming language of the source code.
Possible parameters for (automated) investigation of the code
The following list shows a selection of the parameters
most frequently used in code analysis:
- BLOC (Brutto Lines of Code): Number of all lines
- NLOC (Netto Lines of Code): Number of lines
containing no comments
- Number of comment lines
- DLOC (Delta Lines of Code): Number of lines
inserted or changed in the new version
- Number of program branches (C1)
- Number of queries (C2)
- Number of program paths (C3)
- Nesting depth
- Complexity factor based on McCabe
- Functions used
- Operators used
- Halstead estimated errors
Complexity factor based on McCabe
The complexity factor based on McCabe provides
information about the complexity of a program.
This is an important parameter, since an increase in the
complexity of a code also increases the
probability of error. The number of
independent paths in a function is calculated. The count
is 1 plus the number of decisions in the function: if,
for, while, do...while etc. each count as 1; a switch with n
paths counts as (n-1); else is not counted. In related
literature, the goal to be achieved for this parameter is
generally a number <= 10, but this is found to be
difficult to achieve in practice. However, there is
nothing to prevent higher values being produced (with the
reasoning best set out in the program comments) if the
task definition requires this and the code has been
subjected to a review.
Halstead estimated errors
Halstead saw programming as a non-defined process of selecting
operators and operands from a predefined list.
Assuming that the probability of a specific operator
being selected is the same for all operators and a binary
decision tree unambiguously represents the mental
selection of a person, the volume (V) of a function is:
V = (N1 + N2) x log2 (n1 + n2)
n1: number of different operators of a function
n2: number of different operands of a function
N1: total number of operators of a function
N2: total number of operands of a function
The following are counted as operators:
- Operators of the C language (Cast () only counted
in expressions); unary and binary forms are each
counted; for bracket operators, opening and
closing are together counted as 1.
- Control structures (blocks {} are counted as 1
operator; the operators in the control conditions
are then no longer counted)
- ; in statements and initialization statements,
not in declarations
On average, 1 error per 3200 mental comparisons can be
anticipated. With E0 = 3200, the Halstead estimated errors (B)
are thus given by: B = V / E0.
Since Halstead estimated errors can only be
evaluated in terms of an error probability,
the affected code should be investigated once the value
exceeds 0.50.
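The McCabe counting rule and the Halstead formula above, applied to a C function, as an added Python example (not part of the original page and not taken from any of the tools it names). The function names and the sample are constructed for illustration; the n paths of a switch are assumed to be its case/default labels, and the operator/operand counts are passed in rather than derived from the source.

```python
import math
import re

# Blank out comments and string/char literals so keywords inside them are ignored.
_NOISE = re.compile(r"""/\*.*?\*/ | //[^\n]* | "(?:\\.|[^"\\])*" | '(?:\\.|[^'\\])*' """,
                    re.S | re.X)
_KEYWORD = re.compile(r"\b(if|for|while|switch|case|default)\b")
E0 = 3200  # mental comparisons per anticipated error, from the text

def mccabe(c_function):
    """1 + decisions, following the counting rule in the text."""
    n = dict.fromkeys(("if", "for", "while", "switch", "case", "default"), 0)
    for kw in _KEYWORD.findall(_NOISE.sub(" ", c_function)):
        n[kw] += 1
    # do...while counts once through its closing `while`; `else` is not counted.
    decisions = n["if"] + n["for"] + n["while"]
    # Assumption: the n paths of a switch are its case/default labels.
    decisions += max(n["case"] + n["default"] - n["switch"], 0)
    return 1 + decisions

def halstead_errors(n1, n2, N1, N2):
    """B = V / E0 with V = (N1 + N2) * log2(n1 + n2)."""
    return (N1 + N2) * math.log2(n1 + n2) / E0

def review_reasons(c_function, n1, n2, N1, N2):
    """Apply both thresholds from the text: McCabe <= 10 and B > 0.50."""
    cc, b = mccabe(c_function), halstead_errors(n1, n2, N1, N2)
    reasons = [f"McCabe {cc} exceeds 10"] if cc > 10 else []
    if b > 0.50:
        reasons.append(f"Halstead B {b:.2f} exceeds 0.50")
    return reasons

# Constructed sample function; the operator/operand counts used with it are
# constructed as well, not measured from this code.
SAMPLE = r"""
int classify(int c, const char *s) {
    /* if this comment were scanned, the count would be off */
    if (c < 0) return -1; else if (c == 0) return 0;
    for (int i = 0; s[i]; i++)
        switch (s[i]) {
        case 'a': c++; break;
        case 'b': puts("while"); break;
        default:  c = 0;
        }
    do { c /= 2; } while (c > 10);
    return c;
}
"""
```

The ternary operator and the short-circuit operators && and || are not counted here, because the rule in the text does not name them.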
Examples of tools:
Proloc is a program which
calculates the size of software products and the extent
of change relative to preceding versions in accordance
with Siemens standard SN77340. A brief description and
application areas are available for anyone interested in
this tool. Proloc is
available via the Support Center for Effort
Estimation and Metrics.
CANTATA supports a very
large number of parameters (however, the line counts are
not counted in accordance with SN 77340). If interested,
you can find further details in a brief description of the tool and its application
areas.
Where can I obtain further information?
For further information and specific support, please
contact the Support Center for Effort
Estimation and Metrics and the Test
Support Center.