Integrating Static Code Analysis Toolchains
· 2019
· Open Access
· DOI: https://doi.org/10.1109/compsac.2019.00080
· OA: W2956261528
This paper proposes an approach for a tool-agnostic and heterogeneous static code analysis toolchain in combination with an exchange format. This approach enhances both traceability and comparability of analysis results. State-of-the-art toolchains support features for either test execution and build automation or traceability between tests, requirements and design information. Our approach combines all those features and extends traceability to the source code level, incorporating static code analysis. As part of our approach, we introduce the "ASSUME Static Code Analysis tool exchange format" that facilitates the comparability of different static code analysis results. We demonstrate how this approach enhances the usability and efficiency of static code analysis in a development process. On the one hand, our approach enables the exchange of results and evaluations between static code analysis tools. On the other hand, it enables complete traceability between requirements, designs, implementation, and the results of static code analysis. Within our approach we also propose an OSLC specification for static code analysis tools and an OSLC communication framework.