Software static analysis techniques are methods that effectively detect defects in software throughout all phases of its development. One basic static analysis technique is inspection, which involves a well-defined process by which a team analyzes a software product, using a reading technique, with the goal of finding defects.
Code inspection is the most difficult type of inspection, since code is one of the hardest software products to read. The authors present a tool that provides inspectors with help in better understanding dependencies among pieces of code.
This tool, CodeSurfer, expands the functionality provided by static analysis tools, such as control-flow graphs or calculation of cyclomatic complexity. Physically, the tool consists of several viewers, connected by hypertext links: a project viewer, which displays the program hierarchy; file viewers, which display source files; call graph viewers, which display program call graphs; property sheets, which are used to examine program elements (for example, examining a variable would show its uses, definitions, where it may point to, and what other variables may point to it); a finder, which allows a user to search through the program for occurrences of strings, functions, or variables; and a set calculator, which enables direct manipulation of the sets of points in the program. CodeSurfer is currently able to analyze C programs; a C++ version is being developed.
The authors also explain the use of CodeSurfer with checklists, in the context of NASA's Formal Inspection Guidebook. This is an interesting discussion, which could be further extended by an explanation of how the tool could be used with other reading techniques, rather than checklists.