Static code analysis plays a significant role in development of software products. Static analyzers can detect various problems (insecure, unsafe code, etc.) without executing the program. They helps to increase the quality of code, with little or minimal effort, because static code analysis can be integrated into the build process. The use of static analysis tools can dramatically decrease time of software development, because potential bugs will be revealed early, by the analyzer.
There are many representations of the program that can be used for static analysis, for example the syntax-tree, dataflow graph, control flow graph and call graph. In these data structures various checks can be implemented, effectively. This thesis shows the importance of these data structures and demonstrates this with practical examples. There are many widely-used C static analyzer tools in the world. The thesis compare ten popular C static analyzer tools.
Analyses of C source code often doesn’t take into account the C preprocessor, because C preprocessing happens as a separate step, before compiling C source files. This thesis describes one possible solution for handling this problem. The thesis presents a static code analysis tool and details the problems, which have to be solved in order to implement such a tool. The input of the software input is one or more C source file. The tool contains of for different analyses: Constructing call graph from the C sources, check if all case are ended with break, check if all array size are declared with macro and the forth task is discovering the dependencies between C source codes. The software is implemented in the Java programming language, using the ANTLR parser generator.