2) Gary McGraw said, "In the end, even the most extensive...static analysis regime is simply a badness-ometer." Explain what he means in your own words.
3) Static analysis systems exist not just for testing source code. Some can make use of object (binary) code or Java/C# byte code. When might they be useful? What is a drawback of them?
4) What are three advantages of static source code analysis systems?
5) What are three disadvantages of static source code analysis systems? (Note: Do not include “slow” or “expensive” among the list of disadvantages.)
6) What are three techniques that static source code analysis systems normally use to find bugs?
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.Question 1
The main advantage of using the guidance offered by the warning messages can be seen through the perspective of a less experienced tester. The warning message might offer additional information about the source/root cause of the warning (in the best case).
It is necessary to recall that static analyzers often give a large amount of false positive and false negative results. In many situations it can be useful to let active the warning messages because these can be corroborated with the erroneous results.
On the other hand, it is also possible the warning to require too much re-coding of the program or to refer a possibility that in practice does not occur too much. For these types of situations it can be useful to turn off the warning or a class of warnings.
Not last, the warnings might not be appropriate (or very relevant) for the actual context. If the warning message is kept active, then it can create confusion....