Static code analysis methods

Published 2024-09-13 14:30:18

Comments (3)

一紙繁鸢 2024-09-20 14:30:21

If I am using them on a new code base, I set them up exactly how I want up front. If I am using them on an existing code base, I enable messages in stages, so that a particular category of issue is reported on. Once that particular type of message is cleaned up, I add the next category.

I treat static analysis tools as if they were part of the compiler. Each developer runs them each time they do a build. If possible I would also treat them as I do compiler warnings - as errors. That way code with warnings does not make it onto the build server at all. This has issues if you cannot turn warnings off in specific cases... and warnings should only be turned off by agreement.
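The staged rollout described in the answer above, as an added example that is not part of the original answer: a build gate that treats findings as errors only for categories already enabled, and honours a suppression only when it records who agreed to it. The report format, category names and suppression list are constructed assumptions, not the output of any particular tool.

```python
import re

# Constructed analyzer output in a "file:line: warning: message [category]" shape.
SAMPLE_REPORT = """\
src/auth.c:42: warning: format string is not a literal [format-security]
src/auth.c:77: warning: unused variable 'tmp' [unused-variable]
src/net.c:10: warning: possible null dereference of 'conn' [null-deref]
src/net.c:88: warning: format string is not a literal [format-security]
this line is not a finding
"""

# Hypothetical rollout state: a category is appended once the previous one is clean.
ENABLED_CATEGORIES = ["format-security", "null-deref"]

# Hypothetical suppression list: an entry counts only if it names who agreed to it.
SUPPRESSIONS = [
    {"file": "src/net.c", "line": 88, "category": "format-security", "approved_by": "team-review"},
    {"file": "src/net.c", "line": 10, "category": "null-deref", "approved_by": ""},
]

FINDING_RE = re.compile(r"^(?P<file>[^:\s]+):(?P<line>\d+): warning: (?P<msg>.*) \[(?P<category>[\w-]+)\]$")

def parse_findings(report):
    matches = (FINDING_RE.match(raw.strip()) for raw in report.splitlines())
    return [{**m.groupdict(), "line": int(m["line"])} for m in matches if m]

def is_suppressed(finding, suppressions):
    # A matching entry without an approver does not silence the finding.
    for s in suppressions:
        if all(s[k] == finding[k] for k in ("file", "line", "category")):
            return bool(s.get("approved_by", "").strip())
    return False

def gate(report, enabled, suppressions):
    """Return (blocking, deferred); any blocking finding should fail the build."""
    blocking, deferred = [], []
    for f in parse_findings(report):
        if f["category"] not in enabled:
            deferred.append(f)      # category not rolled out yet: report only
        elif not is_suppressed(f, suppressions):
            blocking.append(f)      # enabled category: treated as an error
    return blocking, deferred

if __name__ == "__main__":
    blocking, deferred = gate(SAMPLE_REPORT, ENABLED_CATEGORIES, SUPPRESSIONS)
    for f in blocking:
        print(f"ERROR {f['file']}:{f['line']} [{f['category']}] {f['msg']}")
    print(f"{len(deferred)} finding(s) in categories not yet enabled")
    raise SystemExit(1 if blocking else 0)
```

Run as a build step, the non-zero exit status stops code with findings in an enabled category from reaching the build server, while findings in later-stage categories are only counted.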

情定在深秋 2024-09-20 14:30:21

My experience is that in general, static analysis should be used early in the development process, preferably (or ideally) before unit test and code check-in. Reports from static analysis can also be used during the code review process. This enables development of robust code by the software developer and in some cases writing code that can be analyzed more accurately by static analysis tools.

The challenge with early use is that software developers must be adequately trained to use static analysis tools and be able to effectively triage the results obtained. That way, they can take concrete steps to improve the quality of the software. Otherwise, use of the tool diminishes or flagged issues are ignored and use of static analysis diminishes over time.

In practice, most development organizations use static analysis late in the development process. In these phases, the static analysis tools are used by quality or test engineers. In many cases it is coupled with build systems to produce quality metrics and provide guidance about the safety and reliability of the software. However, if identified issues accumulate and span multiple code components, the probability that all issues will be fixed will decrease. Therefore, late use of static analysis in general may require more time and resources to address identified issues.

不知在何时 2024-09-20 14:30:21

It could also be a good idea to establish a code review task (peer code review by another developer) together with using a static-analysis tool before checking the source code in to the server. It will help to increase the quality of the code and prevent useless lines of code that will be useless legacy code one day.
