Static Code Analyses


What are static code analyses used for?
Static code analyses deal with the structure of the source code of software programs. The results of the analyses, which are almost always supplied automatically by using appropriate analysis tools, provide a picture of the size and complexity of the analyzed programs.
The goal of such analyses is not necessarily to provide pointers to specific errors, but rather to indicate where the probability of error is higher due to structural program features and where the code will be more difficult to maintain and test (e.g. numerous program branches, greater degree of nesting, etc.). Code analyses should form part of a code review. The analysis tools must be capable of handling the relevant programming language of the source code.

Possible parameters for (automated) investigation of the code
The following list shows a selection of the parameters most frequently used in code analysis:

  • BLOC (Brutto Lines of Code): Number of all lines
  • NLOC (Netto Lines of Code): Number of lines containing no comments
  • Number of comment lines
  • DLOC (Delta Lines of Code): Number of lines inserted or changed in the new version
  • Number of program branches (C1)
  • Number of queries (C2)
  • Number of program paths (C3)
  • Nesting depth
  • Complexity factor based on McCabe
  • Functions used
  • Operators used
  • Halstead estimated errors

Complexity factor based on McCabe
The complexity factor based on McCabe provides information about the complexity of a program. This is an important parameter, since an increase in the complexity of a code also increases the probability of error. The number of independent paths in a function is calculated. The count is 1 plus the number of decisions in the function: If, for, while, do...while etc.: count as 1; switch with n paths as (n-1), else is not counted. In related literature, the goal to be achieved for this parameter is generally a number <= 10, but this is found to be difficult to achieve in practice. However, there is nothing to prevent higher values being produced (with the reasoning best set out in the program comments) if the task definition requires this and the code has been subjected to a review.

Halstead estimated errors
Halstead saw programming as a non-defined process of selecting operators and operands from a predefined list. Assuming that the probability of a specific operator being selected is the same for all operators and a binary decision tree unambiguously represents the mental selection of a person, the volume (V) of a function is:

V = (N1 + N2) x log2 (n1 + n2)

n1: number of different operators of a function
n2: number of different operands of a function
N1: total number of operators of a function
N2: total number of different operands of a function

The following are counted as operators:

  • Operators of the C language (Cast () only counted in expressions); unary and binary forms are each counted; for bracket operators, opening and closing are together counted as 1.
  • Control structures (blocks {} are counted as 1 operator; the operators in the control conditions are then no longer counted)
  • ; in statements and initialization statements, not in declarations

On average, 1 error per 3200 mental comparisons can be anticipated. Halstead estimated errors (B) thus gives (E0 = 3200): B = V / E0 .
Since Halstead estimated errors can only be evaluated in terms of an error probability, the code affected should be investigated from a value of > 0.50.

Example of tools:
Proloc is a program which calculates the size of software products and the extent of change relative to preceding versions in accordance with Siemens standard SN77340. If you are interested in this tool, click here for a brief description and application areas. Proloc is available via Support Center for Effort Estimation and Metrics.

CANTATA supports a very large number of parameters (however, the line counts are not counted in accordance with SN 77340). If interested, you can find further details here for a brief description and application areas.

Where can I obtain further information?
For further information and specific support, please contact Support Center for Effort Estimation and Metrics and the Test Support Center.


Siemens AG Österreich, Program and Systems Engineering PSE
Contact: stdSEM Webmaster
Last modified: 08/27/98 15:42
Copyright © Siemens AG Österreich 1997. All rights reserved.