Static Analysis with Parasoft BugDetective
This paper examines why and how to add flow analysis static analysis to your existing testing strategies. After introducing the general concept and benefits of flow analysis, it explains how flow analysis can be performed using Parasoft BugDetective technology, and demonstrates how it can be applied to bolster both your static analysis and unit testing efforts.
Data Flow Static Analysis - Background
The term static analysis means different things to different people in the software industry. There seems to be two main static analysis approaches: (1) program execution or flow-based analysis and (2) pattern-based analysis. For program execution adherents, static analysis means trying to logically execute the program sometimes symbolically to uncover code problems such as memory corruption, leaks, and exceptions. This type of testing largely focuses on identifying code problems without creating test cases. It provides developers with the "instant feedback" they need to quickly address defects and security vulnerabilities on the desktop while they are still working on the code and it is fresh in their minds and it prevents defects and vulnerabilities from making their way further downstream in the software development process, which is where they are much more expensive to identify and remediate.
Parasoft Static Analysis and BugDetective Technology
Parasofts static analysis technologies support both flow-based static analysis and pattern-based static code analysis. Parasofts flow-based static analysis technology, called BugDetective, provides effortless early detection of runtime problems and application instabilities (such as NullPointerExceptions, SQL and other injections, resource leaks, and inefficient iterator usage for Java) in paths that span multiple methods, classes, or packages. Parasoft BugDetective technology is available in Parasoft Jtest (for Java code), C++test (for C and C++ code), and dotTEST (for .NET code). This paper focuses on BugDetective as it is implemented in Jtest, but the same general concepts and principles apply to all implementations of BugDetective.
By automatically tracing and simulating execution paths through even the most complex applications those with paths that span multiple methods, classes, and/or packages and contain dozens of sequence callsBugDetective exposes defects that would be very difficult and time-consuming to find through manual testing or inspections, and would be exponentially more costly to fix if they were not detected until runtime. Using BugDetective, developers can find, diagnose, and fix classes of software errors that can evade pattern-based static analysis and/or unit testing. Exposing these defects early in the software development lifecycle saves hours of diagnosis and potential rework.
BugDetective static analysis has two applications within Parasoft Jtest:
- It is used as a part of Jtests static analysis to identify flow-based defects in the code as described above.
- It is used in cooperation with Jtests unit testing to validate whether exceptions reported in the course of unit testing could actually be triggered by real application paths.
Benefits of Using Parasoft's Data Flow Static Analysis
Using Parasoft's data flow static analysis, development teams gain the following key benefits:
- Perform more comprehensive testing with existing resources:
BugDetective, complements other testing techniques by allowing you to find problems that would otherwise require the development, execution, and mainte¬nance of complex test cases. BugDetective investigates various branching possibilities in a program, providing a level of path coverage that is difficult to accomplish with traditional testing. As a result, BugDetective often identifies problems that occur while handling rare situations that are typically not covered during testing. Moreover, if the code functionality changes, you can search for defects in the modified version without updating or regenerating test cases.
- Automatically identify defects that pass through multiple classes:
Traditional automated unit test generation helps you identify the defects within a class. This is critical. Most developers have performed thorough testing on a class, corrected all apparent problems, integrated the code, then later encountered problems, such as NullPointerExceptions, that took days to diagnose because they resulted from an obscure or complex execution path that passed through multiple methods or even multiple packages. Using BugDetective, the same problem could be identified in seconds.
- Focus on actual defects and misuses:
BugDetective automatically identifies data-dependent or flow-dependent defects with reasonable certainty. In most cases, BugDetective's reported violations indicate actual misuses (as opposed to the possible/hypothetical misuses that might be reported during unit testing). For example, BugDetective would not report a violation for the following code unless there was a method in the source code calling strlen and passing it a null value, but unit test¬ing would report a problem regardless by passing null to the strlen method in the test:
public int strlen(String str)
In The Trenches with BugDetective Static Analysis
BugDetectives unique breed of static analysis determines whether applications execution paths match suspicious behavior profiles, which are implemented as rules. For each defect found, a hierarchical flow path details the complete execution path that leads to the identified defect, ending with the exact line of code where the bug manifests itself. To reduce the time and effort required to diagnose and correct each problem found, flow path details are supplemented with extensive annotations (for example, a NullPointerException violation description contains annotations describing which variables contain null values at each point in the flow path).
To make the analysis process more flexible and tailored to your unique project needs, some rules can be parameterized. As a result, BugDetective can even be used to detect violations bound to usage of very specific APIs...
To read more, download the complete Data Flow Static Analysis paper as a PDF.