Abstract [eng]
Software, information systems and mobile applications are widely used in various spheres, from leisure activities to organisational processes. Depending on the use case, ensuring software quality, reliability and security can be very important. These characteristics are always relevant and are constantly being improved. To measure them more effectively, automated tools are used that apply various methods to analyse the code and how it behaves. One type of such tool is the static code analysis tool, which analyses program code without running it. Static code analysis is a fast method, but it has both advantages and disadvantages. These tools are widely used to measure various code characteristics and to detect security vulnerabilities, but they also have some common problems and issues, so there is a need to evaluate their quality and precision, to solve these problems and to improve the tools. In this work, code analysis methods and tools are analysed and their advantages and disadvantages are reviewed. In the analysis chapter it is concluded that the most important current problems of code analysis are “false positive” situations and inaccuracy, i.e. failure to detect code problems. It was decided to address the problem of inaccuracy by creating static analysis rules. After reviewing existing static code analysis tools and evaluating them against the chosen criteria, it was decided to implement the analysis rules as rule sets for the existing “PHPStan” tool. Two rule sets were created and experiments were conducted to demonstrate the efficiency of the solution. It is concluded that the conducted experiments validate the effectiveness of the created solution and allow stating that the created analysis rules complement and extend the functionality of existing tools and are applicable in a practical environment.
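The abstract states that the analysis rules were implemented as PHPStan rule sets but does not describe the rules themselves. As an added illustration of how such a rule is structured (this is example code, not the thesis's rule sets nor PHPStan's own code), the following custom rule flags calls to `mysqli_query()` and `mysql_query()` whose SQL argument is assembled by string concatenation or interpolation, a common precursor of SQL injection. It assumes the PHPStan 1.x rule API (`PHPStan\Rules\Rule`, `RuleErrorBuilder`) and php-parser 4 node classes; the namespace `App\PHPStan\Rules`, the class name and the neon registration shown in the header comment are hypothetical.

```php
<?php
// Added illustration (not the thesis's rule set): a custom PHPStan rule that flags
// calls to mysqli_query()/mysql_query() whose query argument is assembled by
// string concatenation or interpolation. Assumes the PHPStan 1.x rule API and
// php-parser 4 node classes; namespace and class name are hypothetical.
//
// Registration in phpstan.neon:
//   services:
//       -
//           class: App\PHPStan\Rules\DynamicSqlQueryRule
//           tags:
//               - phpstan.rules.rule

declare(strict_types=1);

namespace App\PHPStan\Rules;

use PhpParser\Node;
use PhpParser\Node\Expr\BinaryOp\Concat;
use PhpParser\Node\Expr\FuncCall;
use PhpParser\Node\Name;
use PhpParser\Node\Scalar\Encapsed;
use PHPStan\Analyser\Scope;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleErrorBuilder;

/**
 * @implements Rule<FuncCall>
 */
final class DynamicSqlQueryRule implements Rule
{
    /** Function name => zero-based index of the SQL string argument. */
    private const QUERY_FUNCTIONS = [
        'mysqli_query' => 1,   // mysqli_query($link, $query)
        'mysql_query'  => 0,   // legacy mysql_query($query)
    ];

    // PHPStan calls processNode() only for nodes of this type.
    public function getNodeType(): string
    {
        return FuncCall::class;
    }

    /**
     * @param FuncCall $node
     * @return list<\PHPStan\Rules\RuleError>
     */
    public function processNode(Node $node, Scope $scope): array
    {
        // Only plain calls by name; $fn(...) and closure calls are out of scope here.
        if (!$node->name instanceof Name) {
            return [];
        }
        $function = $node->name->toLowerString();
        if (!array_key_exists($function, self::QUERY_FUNCTIONS)) {
            return [];
        }

        $args  = $node->getArgs();
        $index = self::QUERY_FUNCTIONS[$function];
        if (!isset($args[$index])) {
            return [];
        }
        $query = $args[$index]->value;

        // "SELECT ..." . $id  or  "SELECT ... {$id}"  is a dynamically built query.
        // A literal string, or a variable holding a query, is not flagged by this check.
        if (!$query instanceof Concat && !$query instanceof Encapsed) {
            return [];
        }

        return [
            RuleErrorBuilder::message(sprintf(
                'Call to %s() builds its SQL query from dynamic string parts; use prepared statements with bound parameters instead.',
                $function
            ))->line($query->getLine())->build(),
        ];
    }
}
```

The rule is deliberately AST-only, which makes the trade-off named in the abstract concrete: it is fast, but a query concatenated into a variable on an earlier line is missed (inaccuracy), and a concatenation of two constant strings is reported although it is harmless (a false positive). A scope-aware version would inspect `$scope->getType($query)` to decide whether the resulting string is constant, at the cost of more analysis work per call site.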