SourceAudit - Technical details

To create coherent and consistent source code it is not enough to simply rely on the built-in error checker of the compiler. The compiler checks for errors and basic problems in a compilation unit, but ignores the higher level relations. SourceAudit examines the entire source code as a whole.

Manual code reviews are very expensive, inefficient, and in large-scale projects they are often infeasible. SourceAudit offers a viable alternative to manual code reviews. It uncovers quality deficiencies much faster and cheaper. SourceAudit detects problems, such as code duplications and coding rule violations, that would be very difficult to discover manually.

It is a common practice to reuse source code by simply copying and pasting its parts. Although this approach can reduce software development time, the price in the long-term must be paid in the form of increased maintainability costs. One of the primary concerns is that if the original code segment needs to be corrected, all the copied parts need to be checked and changed accordingly as well.
Read more >> || Description of code duplications (PDF)
Best practices provide guidelines for writing good, fast, maintainable, secure code. FrontEndART's products are capable of checking whether these best practices are being adhered to or not by developers. Besides these best practices, the tools can detect serious programming errors, which are either caused by unawareness or inadvertence of the developers. Read more >>

The SourceAudit product is based on the Columbus cutting-edge technology developed and maintained by FrontEndART Ltd. using the latest research results of the Software Engineering Department of the University of Szeged. The platform is made up of robust programming language parsers (C/C++, C#), abstract source code representations (abstract semantic graphs), graph analysis methods, pattern recognition, wrapping technology, data exchange formats (XML), and several extractor tools (code checkers, metric calculators, code duplication detectors, and bad smell miners). The tools, the methods and the knowledgebase provide various outputs that help in locating critical parts of the source code that should be revised.

SourceAudit embeds in Microsoft Visual Studio IDE, so developers can use this tool like an integrated feature. Obtaining the results of the analysis can be done by just clicking a button.

SourceAudit is highly customizable, choosing the right settings are straightforward. The available options include the following:

  • Exclusion of external and generated code
  • advanced filtering techniques
  • Turning rules on and off individually
  • Defining baselines for metrics
  • Setting up analysis parameters and scope
  • Performing incremental or full analysis

SourceAudit currently supports the following programming languages:

  • C/C++ (ISO/IEC 14882:2003 standard, ISO/IEC 9899:1999, ISO/IEC 9899:1990, ANSI/ISO C, Microsoft dialects of C and C++, GNU C and C++)
  • C# v2.x

Supported IDEs:

  • Microsoft Visual Studio 8 (2005)
  • Microsoft Visual Studio 9 (2008)

SourceAudit is also available as a platform independent command line toolset. Supported platforms are:

  • Windows (NMAKE – Microsoft cl compiler)
  • Linux (make – gcc/g++ compiler)

The outputs of the command line version are generated in a standard CSV format, which allows further analysis of the results in spreadsheet editors (e.g. Microsoft Excel) or integration with other tools.

Read further:

SourceAudit's main page
Business Aspects Technical details of SA
SourceAudit C/C++ for Visual Studio SourceAudit C# for Visual Studio