Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Evaluation - 05.12

>
>
The difference between static analysis …

The difference between static analysis and code review

Apr 09 2013
Author:

Both static analysis and code review are methods to find errors and vulnerabilities in source code without explicitly executing the program being examined.

Code review is usually understood as a relatively regular examination of a source code fragment performed jointly by two or more developers, which may take place both in a semi-formal way or as a formal certification. Code review may also be a part of pair programming.

Static code analysis in most cases implies usage of special tools that automatically scan the source code to find out if it contains any of the known formal bug patterns that may need to be inspected by a developer. Unlike code review, automation makes static analysis in fact unlimited by the size of the code to be checked. However, static analysis results still need to be studied by developers to distinguish between genuine errors and false positives which are inevitable with this analysis approach.

Although the notions of code review and static analysis are usually separated, they may sometimes intersect and even be viewed as mutually-derivative methods that complement each other. An example of this is joint code review performed by several developers for separate code fragments pointed out in the report of a static analyzer that has carried out analysis of the whole project before.

References

Popular related articles


Comments (0)

Next comments next comments
close comment form