Static Analysis Tutorials: Analyzing for Errors and Security Weaknesses with the Intel® Parallel Studio XE

Static analysis examines source code to find errors and security weaknesses, allowing you to eliminate defects early in the development cycle and proactively harden your application against security breaches. Static analysis explores all possible execution paths to detect over 250 known logic flaws and security weaknesses. Because it is not limited to the paths that are executed during run-time tests, you do not have to anticipate the ways in which your program can be attacked.

When static analysis is used as a routine part of the development process by someone familiar with the code base, defects and vulnerabilities can be identified and corrected while the cost of repair is relatively low. As the code changes over time, rerun static analysis to verify bug fixes and examine new code for security issues. Static analysis remembers problems and state assignments, so you can focus on regressions and new problems without having to investigate issues more than once.

Once errors detected by static analysis are resolved and development is complete, you will release a hardened application from which you have removed a number of defects that otherwise might have been encountered by customers or discovered by malicious probes.

Each of the following tutorials provides a pair of end-to-end examples that show you how to use static analysis to identify and resolve problems in sample code.

Linux* OS Static Analysis Tutorials/C++ and Fortran Sample Applications

These tutorials are designed for developers with a basic understanding of the Linux* OS, including how to use common shell commands, such as tar, and how to access and use a text editor.

You need the following tools to follow along with these tutorials:

  • Intel Parallel Studio XE
  • .tgz file extraction utility
  • tachyon_ssa.tar.gz (C++) or FortranDemo_ssa.tar.gz (Fortran) sample application from the Samples directory in the Intel Inspector XE 2013 directory
  • Text editor

Tutorial Workflow Summary

  1. Set up a static analysis build.
  2. Build the application.
  3. Open the result.
  4. Choose a problem.
  5. Interpret problem data.
  6. Resolve the problem.
  7. Resolve the next problem.
  8. Rebuild the application.

Windows* OS Static Analysis Tutorials/C++ and Fortran Sample Applications

These tutorials are designed for developers with a basic understanding of the Microsoft Visual Studio* IDE, including how to open a project/solution, display the Solution Explorer, access the Document Explorer window, and edit source code in the Visual Studio* code editor.

You need the following tools to follow along with these tutorials:

  • Intel Parallel Studio XE
  • .zip file extraction utility
  • tachyon_ssa.zip (C++) or FortranDemo_ssa.zip (Fortran) sample application from the Samples directory in the Intel Parallel Studio XE installation directory

Tutorial Workflow Summary

  1. Choose a project.
  2. Run a static analysis build.
  3. Choose a problem.
  4. Interpret problem data.
  5. Resolve the problem.
  6. Resolve the next problem.
  7. Rebuild the application.