This invention relates to software debugging, and more particularly, to static error analysis for complex software environments.
Software code often contains errors. Some of these errors are easily detected by visual inspection of the printed code. More subtle errors are typically only discovered with the help of software debugging tools.
Dynamic software debugging tools perform run-time error checking. Software errors may be captured as they occur. For example, if control branches down a particular path in the program, an error (e.g., an out-of-bounds memory access) that occurs along that path may be detected. Although dynamic analysis tools are often invaluable in the debugging process, they are not without shortcomings. In particular, it may be difficult to exercise complex software thoroughly during testing. For example, in particularly large programs, it may only be possible to rigorously test about 5-10% of all possible program behaviors before the software is released to end users. Rarely used portions of the software (e.g., rarely-traveled paths in conditional branches) may never be tested before the software is deployed in the field. Dynamic tools have the additional drawback that they slow down the program being analyzed and consume more memory resources. Therefore, dynamic tools are not useful in debugging the real-time behavior of deployed software.
Static analysis debugging tools operate on static code (i.e., code that is not running during the analysis process). Static analysis tools make certain simplifying assumptions in order to make the analysis of the software practical. Because of such simplifications, static analysis tools are not able to detect all conceivable potential errors. Nevertheless, static analysis tools can detect errors that are often missed when using dynamic analysis tools alone. For example, static analysis may detect an illegal operation that is contained in a rarely traversed or otherwise hard-to-test conditional branch path. Because the path is so rarely visited during operation of the software, this error might not be detected using a dynamic analysis tool.
In modern software development environments, source code, compilers, and ancillary software components are often distributed across many different directories and systems.
As a result of this complexity, software developers typically use build management utilities such as the “Make” program to assist in the process of building executable code. Software developers also construct their own build management utilities (e.g., by writing customized shell scripts). As the software development environment at a given organization matures, it is commonplace for the overall software build process used by that organization to involve many directory changes, variable assignments, calls of different build management utilities, etc.
The use of static analysis debugging tools in this type of complex build environment is difficult. Static analysis software tools operate on source code, so all of the relevant source code to be debugged must be identified. Different static analysis tools may be used in place of different compilers, so it may be necessary to identify which compilers are normally used to compile which source code files during the build process. Although it may be possible for the proper static analysis tools to be selected and invoked manually, this process can be time consuming and prone to errors, particularly when it is necessary to set up and run a new suite of static analysis tools in a relatively short period of time in a complex build environment.
It is therefore an object of the present invention to provide improved ways in which to invoke static error analysis on source code, particularly in complex software development environments.