Automated code review software checks source code for compliance with a predefined set of rules or best practices. The use of analytical methods to inspect and review source code to detect bugs or security issues has been a standard development practice in both open-source and commercial software domains. This process can be accomplished both manually and in an automated fashion.
With automation, software tools provide assistance with the code review and inspection process. The review program or tool typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or a programmer-assisted way to correct the issues found. This is one component of mastering software more easily, and it contributes to the Software Intelligence practice. This process is usually called "linting" since one of the first tools for static code analysis was called Lint.
Some static code analysis tools can be used to assist with automated code review. They do not compare favorably to manual reviews; however, they can be done faster and more efficiently. These tools also encapsulate deep knowledge of the underlying rules and semantics required to perform this type of analysis, so that the human code reviewer does not need the same level of expertise as an expert human auditor.
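The rule-based checking described above, as an added example that is not part of the original article or of any tool it names: a small checker that parses Python source without executing it and returns a list of warnings. The rule identifiers R001 to R004, the rule set and the sample input are constructed for illustration.

```python
import ast

# Constructed sample input: source under review (parsed, never executed).
SAMPLE = '''\
import subprocess
def run(cmd, extra=[]):
    try:
        subprocess.call(cmd, shell=True)
        return eval(cmd)
    except:
        pass
'''

class RuleChecker(ast.NodeVisitor):
    """Collects one (line, rule_id, message) warning per rule violation."""
    def __init__(self):
        self.warnings = []

    def warn(self, node, rule_id, message):
        self.warnings.append((node.lineno, rule_id, message))

    def visit_Call(self, node):
        # R001: dynamic code execution through eval()/exec()
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            self.warn(node, "R001", f"call to {node.func.id}()")
        # R002: a call passing the literal shell=True (command injection risk)
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                self.warn(node, "R002", "call with shell=True")
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        # R003: bare 'except:' swallows every error
        if node.type is None:
            self.warn(node, "R003", "bare except clause")
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        # R004: mutable default argument is shared between calls
        for default in node.args.defaults:
            if isinstance(default, (ast.List, ast.Dict, ast.Set)):
                self.warn(default, "R004", f"mutable default in {node.name}()")
        self.generic_visit(node)

def review(source):
    """Parse the source and return its warnings sorted by line number."""
    checker = RuleChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.warnings)
```

Rule R002 only matches the literal `shell=True`; a value passed through a variable is not flagged, which is the kind of gap a manual review still has to cover.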
Many integrated development environments also provide basic automated code review functionality. For example, the Eclipse and Microsoft Visual Studio IDEs support a variety of plugins that facilitate code review.
Next to static code analysis tools, there are also tools that analyze and visualize software structures and help humans to better understand these. Such systems are geared more to analysis because they typically do not contain a predefined set of rules to check software against. Some of these tools (e.g. Imagix 4D, Resharper, SonarJ, Sotoarc, Structure101, and ACTool, the Architecture Consistency plugin for Eclipse) allow one to define target architectures and enforce that target architecture constraints are not violated by the actual software implementation.
Automated code review tools
See also
* Program analysis (computer science)