Static Analysis by tools

-

  • Static testing,  is where we carefully examine requirements, designs and code, usually with automated assistance to figure out additional defects before the code is actually run. Thus, what is called static analysis is just another form of testing.


  • Static analysis is an examination of requirements, design and code that differs from more traditional dynamic testing in a number of important ways:
    • Static analysis is performed on requirements, design or code without actually executing the software artifact being examined.
    • Static analysis is ideally performed before the types of formal review.
    • Static analysis is unrelated to dynamic properties of the requirements, design and code, such as test coverage.
    • The goal of static analysis is to find defects, whether or not they may cause failures. 
    • As with reviews, static analysis finds defects rather than failures.


  • For static analysis there are many tools, and most of them focus on software code. Static analysis tools are typically used by developers before, and sometimes during, component and integration testing and by designers during software modeling. 


  • The tools can show not only structural attributes (code metrics), such as depth of nesting or cyclomatic number and check against coding standards, but also graphic depictions of control flow, data relationships and the number of distinct paths from one line of code to another. 


  • Even the compiler can be considered a static analysis tool, since it builds a symbol table, points out incorrect usage and checks for non-compliance to coding language conventions (syntax). 


  • One of the reasons for using static analysis (coding standards and the like) is related to the characteristics of the programming languages themselves.


  • All programming languages have problems and programmers cannot assume that they are protected against them. And nothing in the current international process of standardizing languages will prevent this from happening in the future.


  • The various features of static analysis tools are discussed below, with a special focus toward static code analysis tools since these are the most common in day-to-day practice. Note that static analysis tools analyze software code, as well as generated output such as HTML and XML.


Coding standards


  • Checking for adherence to coding standards is certainly the most well-known of all features. The first action to be taken is to define or adopt a coding standard.

  • Usually a coding standard consists of a set of programming rules, naming conventions and layout specifications. It is recommended that existing standards are adopted. The main advantage of this is that it saves a lot of effort.

  • An extra reason for adopting this approach is that if you take a well-known coding standard there will probably be checking tools available that support this standard. It can even be put the other way around:

    • purchase a static code analyzer and declare (a selection of) the rules in it as your coding standard. Without such tools, the enforcement of a coding standard in an organization is likely to fail. 
    • There are three main causes for this: 
      • the number of rules in a coding standard is usually so large that nobody can remember them all 
      • some context-sensitive rules that demand reviews of several files are very hard to check by human beings
      • if people spend time checking coding standards in reviews, that will distract them from other defects they might otherwise find, making the review process less effective.

Code metrics


  • As stated, when performing static code analysis, usually information is calculated about structural attributes of the code, such as: 
    • comment fre-quency 
    • depth of nesting
    • cyclomatic number 
    • number of lines of code.

  • This information can be computed not only as the design and code are being created but also as changes are made to a system, to see if the design or code is becoming bigger, more complex and more difficult to understand and maintain. 

  • The measurements also help us to decide among several design alternatives, especially when redesigning portions of existing code.

  • There are many different kinds of structural measures, each of which tells us something about the effort required to write the code in the first place, to understand the code when making a change, or to test the code using particular tools or techniques. 

  • Experienced programmers know that 20% of the code will cause 80% of the problems, and complexity analysis helps to find that all-important 20%, which relate back to the principle on defect clustering. Complexity metrics identify high risk, complex areas. 

  • The cyclomatic complexity metric is based on the number of decisions in a program. It is important to testers because it provides an indication of the amount of testing (including reviews) necessary to practically avoid defects. 
  • In other words, areas of code identified as more complex are candidates for reviews and additional dynamic tests. 
  • While there are many ways to calculate cyclomatic complexity, the easiest way is to sum the number of binary decision statements and add 1 to it. 

Below is a simple program as an example:

IF A = 354 THEN  

         IF B > C THEN 
                A = B
         ELSE 

                A= C
         ENDIF

ENDIF
Print A

The control flow generated from the program would look like Figure below.

  • The control flow shows seven nodes (shapes) and eight edges (lines), thus using the formal formula the cyclomatic complexity is 8-7 + 2 = 3.
  • In this case there is no graph called or subroutine. Alternatively one may calculate the cyclomatic complexity using the decision points rule. Since there are two decision points, the cyclomatic complexity is 2 + 1 = 3.


Code structure


  • There are many different kinds of structural measures, each of which tells us something about the effort required to write the code in the first place, to understand the code when making a change, or to test the code using particular tools or techniques.
  • It is often assumed that a large module takes longer to specify, design, code and test than a smaller one. But in fact the code's structure plays a big part. 
  • There are several aspects of code structure to consider:
    • control flow structure
    • data flow structure
    • data structure
  • The control flow structure addresses the sequence in which the instructions are executed. This aspect of structure reflects the iterations and loops in a program's design.
  • If only the size of a program is measured, no information is provided on how often an instruction is executed as it is run. 
  • Control flow analysis can also be used to identify unreachable (dead) code. In fact many of the code metrics relate to the control flow structure, e.g. number of nested levels or cyclomatic complexity.

Data flow structure

  • Data flow structure follows the trail of a data item as it is accessed and mod-ified by the code. Many times, the transactions applied to data are more complex than the instructions that implement them.
  • Thus, using data flow measures it is shown how the data act as they are transformed by the program. Defects can be found such as referencing a variable with an undefined value and variables that are never used.
  • Data structure refers to the organization of the data itself, independent of the program. When data is arranged as a list, queue, stack, or other well-defined structure, the algorithms for creating, modifying or deleting them are more likely to be well-defined, too.
  • Thus, the data structure provides a lot of information about the difficulty in writing programs to handle the data and in designing test cases to show program correctness.
  • That is, sometimes a program is complex because it has a complex data structure, rather than because of complex control or data flow.
  • The important thing for the tester is to be aware that the above mentioned static analysis measures can be used as early warning signals of how good the code is likely to be when it is finished.

In summary the value of static analysis is especially for:
  • early detection of defects prior to test execution;
  • early warning about suspicious aspects of the code, design or requirements;
  • identification of defects not easily found in dynamic testing;
  • improved maintainability of code and design since engineers work according to documented standards and rules;
  • prevention of defects, provided that engineers are willing to learn from their errors and continuous improvement is practised.

Comments

Post a Comment

Popular posts from this blog

Types of Review

-
A single document may be the subject of more than one review. If more than one type of review is used, the  order may vary.  It is  apparent that none of the following types of review is the 'winner', but the different types serve different purposes at different stages in the life cycle of a document. The main review types:  Walkthrough Technical Review Inspection Walkthrough A walkthrough is characterized by the author of the document under review guiding the participants through  the document and his or her thought processes , to achieve a common understanding and to gather feedback. This is especially useful if people from outside the software discipline are present, who are not used to, or  cannot easily understand software development documents.  The content of the document is explained step by  step by the author, to reach consensus on changes or to gather information.  Within a walkthrough the author does most of the preparation. The participa
Read more

Roles and Resposibilities for a Formal Review

-
The participants in any type of formal review should have adequate knowledge of the review process. The  best, and most efficient, review situation occurs when the participants gain some kind of advantage for their  own work during reviewing.  In the case of an inspection or technical review, participants should have been  properly trained as both types of review have proven to be far less success-ful without trained participants.  This indeed is perceived as being a critical success factor. The best formal reviews come from well-organized teams, guided by trained moderators (or review  leaders). Within a review team, four types of participants can be distinguished:  moderator author scribe reviewer the management (in addition to the main four roles) The moderator The moderator (or review leader) leads the review process .  He or she determines, in co-operation with the a uthor, the type of review, approach and the composition of the review team.  The mo
Read more

Phases of Formal Review

-
Phases of a formal review In contrast to informal reviews, formal reviews follow a formal process.  A typical formal review process consists of six main steps: Planning Kick-off Preparation Review meeting Rework Follow-up Planning The review process for a particular review  begins with a 'request for review'   by the author to the moderator (or inspection leader).  A moderator is often assigned to take care of the scheduling (dates, time, place and invitation) of the review. On a project level, the project planning needs to allow time for review and rework activities , thus providing engineers with time to thoroughly participate in reviews. For more formal reviews ,e.g. inspections, the moderator always performs an entry check and defines at this stage formal exit criteria. The entry check is carried out to ensure that the reviewers' time is not wasted on a document that is not ready for review.  A document containing too
Read more