Data Flow Static Analysis for Java, .NET, C, C++
This paper examines why and how to add flow analysis to your existing testing strategies. After introducing the general concept and benefits of flow analysis, it explains how flow analysis can be performed using Parasoft BugDetective technology, and demonstrates how it can be applied to bolster both your static analysis and unit testing efforts.
Static Code Analysis - Background
The term static code analysis means different things to different people in the software industry. There seem to be two main static analysis approaches: (1) program execution or flow-based analysis and (2) pattern-based analysis. For program execution adherents, static analysis means trying to logically execute the program, sometimes symbolically, to uncover code problems such as memory corruption, leaks, and exceptions. This type of testing largely focuses on identifying code problems without creating test cases. It provides developers with the "instant feedback" they need to quickly address defects and security vulnerabilities on the desktop while they are still working on the code and it is fresh in their minds. It also prevents defects and vulnerabilities from making their way further downstream in the software development process, where they are much more expensive to identify and remediate.
Parasoft Static Analysis
Parasoft's static analysis technologies support both flow-based static analysis and pattern-based static analysis. Parasoft's flow-based static analysis technology, called BugDetective, provides effortless early detection of runtime problems and application instabilities (such as NullPointerExceptions, SQL and other injections, resource leaks, and inefficient iterator usage for Java) in paths that span multiple methods, classes, or packages. Parasoft BugDetective technology is available in Parasoft Jtest (for Java code), C++test (for C and C++ code), and .TEST (for .NET code). This paper focuses on BugDetective as it is implemented in Jtest, but the same general concepts and principles apply to all implementations of BugDetective.
Parasoft Data Flow Static Analysis
By automatically tracing and simulating execution paths through even the most complex applications (those with paths that span multiple methods, classes, and/or packages and contain dozens of sequence calls), BugDetective exposes defects that would be very difficult and time-consuming to find through manual testing or inspections, and would be exponentially more costly to fix if they were not detected until runtime. Using BugDetective, developers can find, diagnose, and fix classes of software errors that can evade pattern-based static analysis and/or unit testing. Exposing these defects early in the software development lifecycle saves hours of diagnosis and potential rework.
BugDetective static analysis has two applications within Parasoft Jtest:
- It is used as a part of Jtest's static analysis to identify flow-based defects in the code as described above.
- It is used in cooperation with Jtest's unit testing to validate whether exceptions reported in the course of unit testing could actually be triggered by real application paths.