Escolar Documentos
Profissional Documentos
Cultura Documentos
Techniques
http://www.spr.com
cjones@spr.com May 12, 2009
TYPES OF SOFTWARE DEFECTS
• STATIC ANALYSIS
• GENERAL TESTING
• SPECIALIZED TESTING
• USER TESTING
Defect
Discovery
Requirements Design Coding Documentation Testing Maintenance
Static Analysis
Zone of Chaos
Defect
Discovery
Requirements Design Coding Documentation Testing Maintenance
Static analysis
> 99 6 0.40%
95 - 99 104 6.93%
90 - 95 263 17.53%
85 - 90 559 37.26%
80 - 85 408 27.20%
< 80 161 10.73%
TEST STAGES
STATIC ANALYSIS
• Call Graph
– Understand function, file and model interactions in your code
– Follow complex call chains crossing linkage units, virtual functions
and function pointers
• Data Tracking
– Track all known values for every expression
• Data Propagation
– Propagate values through function calls interprocedurally
• Benefits
– Automatic detection of logically incorrect code
– Accurate analysis of 100% of all paths and values
– Comprehensive understanding of 3rd party platforms and
libraries
• Sample Checkers
OVERRUN_STATIC INFINITE LOOP UNCAUGHT_EXCEPT
OVERRUN_DYNAMIC CHAR IO OPEN_ARGS
READLINK COM.BSTR.CONV BUFFER_SIZE
INTEGER_OVERFLOW COM.BSTR.ALLOC STRING_OVERFLOW
DEADCODE COM.BAD_FREE JDBC_CONNECT
UNREACHABLE MISSING_RETURN RESOURCE_LEAK
Accuracy: Predict Developer
Intent
• Statistical Analysis
– Monitor common behavior to infer correct behavior
– Infer proper API error handling
– Associate variables and locks
• Sample Checkers
NULL_RETURNS MISSING_LOCK
CHECKED_RETURN ORDER_REVERSAL
BAD_COMPARE BAD_EQ
NO_EFFECT CALL_SUPER
BAD_OVERRIDE LOCK_ORDERING
MISMATCHED_ITERATOR GUARDED_BY_VIOLATION
Effectiveness of Static Analysis
18
16
14
Number of Projects
12
10
0
0-25% 26-50% 51-75% 76-100%
Kernel
• 2,315 of these defects
Concurrency
Issues, 939
Q&A