Copyright (c) 2004-2018 Department of Software Engineering, University of Szeged, Hungary.
OpenStaticAnalyzer is a source code analyzer tool, which can perform deep static analysis of the source code of complex systems.
The source code of a program is usually its only up-to-date documentation. At the same time, the source code is the exquisite bearer of knowledge, business processes and methodology, accumulated over a long period of time. Source code quality decrease, which happens due to many quick fixes and time pressure, results in the increase of development and testing costs, and operational risks. In spite of this, the source code usually receives hostile treatment and is merely considered as a tool.
OpenStaticAnalyzer provides deep static analysis of source code. Using the results of the analysis, the quality of the analyzed source code can be improved and developed both in the short- and long term in a directed way.
The most important product characteristics of OpenStaticAnalyzer are the following:
- Platform-independent command line tools
- Transparent integration into build processes
- Powerful filter management
- Coding issue detection:
- Clone detection (copy-pasted source code fragments) extended with clone tracking and "clone smells"
- Syntax-based, so-called Type-2 clones
- Metrics calculation at component, file, package, class, method, and function levels:
- Source code metrics
- Clone metrics
- Coding rule violation metrics
- Supported languages: Java, Python, C#, JavaScript (C/C++ will be available in the near future).
By continuous static analysis, the software developers can:
- reduce the software erosion rate and this way decrease development costs;
- coding problems can be identified before testing, so the number of test iterations and the testing costs can be reduced;
- the number of errors in delivered software can be reduced, so the operational risks can be decreased, increasing the company's reputation.
OpenStaticAnalyzer 4.0 is licensed under the European Union Public Licence (EUPL) v1.2.
OpenStaticAnalyzer is free software, distributed in the hope that it will be useful, but on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE file for more details.
In order to build the OpenStaticAnalyzer software package the following tools are required:
- CMake 3.8.0
- Compiler
- Linux : gcc 6.3
- Windows : Microsoft Visual Studio 2015
- JDK 1.8
- Gradle 1.6
- Apache Maven 3.2.5
- Pandoc 1.16
- Node 8.x.x
Some of the 3rd party libraries are used as a submodule so either --recursive parameter has to be used with the git clone command, or they have to be initialized immediately after the cloning with the git submodule update --init --recursive command.
OpenStaticAnalyzer uses CMake for generating the platform dependent build files. After cloning the source code into an OpenStaticAnalyzer directory and creating a Build directory next to it, it can be built by executing the following commands in the Build directory:
-
Linux:
cmake ../OpenStaticAnalyzer -G "Unix Makefiles" make OpenStaticAnalyzer-Package -
Windows:
-
Building with Visual Studio 2015 IDE
cmake ..\OpenStaticAnalyzer -G "Visual Studio 14 2015 Win64"Open the generated OpenStaticAnalyzer.sln file with the VS IDE and build the
Columbus\OpenStaticAnalyzer\OpenStaticAnalyzer-Packageproject to generate the OpenStaticAnalyzer package. -
Building from command line
Activate the VS 2015 compiler environment. For example:
"c:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat"Then execute the following commands in the same terminal.
cmake ..\OpenStaticAnalyzer -G "Visual Studio 14 2015 Win64" msbuild /p:Configuration=Release /m /t:Build OpenStaticAnalyzer\OpenStaticAnalyzer-Package.vcxproj
-
The generated build directory hierarchy can be so deep that due to the length limit of the path on Windows (260 characters) the build can fail. In this case a new drive should be associated with the directory containing the source and build directories with the subst command, from which the build can be run.
Coming soon, stay tuned!