
Advanced Flow Analysis Techniques

Nada daVeiga from Parasoft gave a presentation on data flow analysis, a type of static analysis. She discussed three types of software bugs, how to detect them, and the benefits of flow analysis over other techniques. The presentation demonstrated running flow analysis on sample code and showed how it detected defects without false positives by tracing the flow of data. Nada compared pattern-based and flow-based analysis and concluded that flow analysis is one part of a comprehensive quality strategy.

Uploaded by: neovik82
Copyright: © Attribution Non-Commercial (BY-NC)

March 31 – April 2, 2009

Data Flow Analysis: Static Analysis on Steroids
Nada daVeiga, Solution Architect, Parasoft

3 Types of Software Bugs
• Poorly-implemented requirements
• Missing or incomplete requirements
• Confused user

How to Detect?
• Poorly-implemented requirements
  - Regression testing
• Confused user
  - Negative testing
• Missing or incomplete requirements
  - Flow analysis

Static Analysis Background
• Two main “schools”
  1. Program execution/flow-based analysis
  2. Pattern-based analysis

Benefits of Flow Analysis
• Perform more comprehensive testing with existing resources
• Automatically identify defects that pass through multiple classes
• Focus on actual defects and misuses

Running Flow Analysis
• TestFields class: involves a class instance field that can be null
• TestLocal class: involves the same class with a local variable that can be null
• Both classes call a LocalHelper class. The goal is to demonstrate how flow analysis handles
  1. intra-procedural calls
  2. inter-procedural calls (a) within one class and (b) which cross class boundaries

Running Flow Analysis
• Both of the examples contain instance field and local variable variations of the same defects
• The methods named “falsePositive” contain false positives and the methods named “truePositive” contain true positives

Results

Results – No False Positives
• Flow analysis did not identify any false positives
• Flow analysis found the defects in the truePositive3 method to be false positives, even though other technologies report them as true errors

Results – No False Positives

class TestFields {
    Object x; // NPE origin: the field defaults to null

    TestFields(Object x) {
        this.x = x;
    }

    int truePositive3(boolean b) {
        Object y = null;
        if (x != null)
            y = new Object();
        if (y != null)
            return x.hashCode() + y.hashCode();
        else
            return x.hashCode(); // NPE: violation point, reached only when x is null
    }
}

Results – No False Positives
• Instance variable x is initially null, but it gets reassigned to the value of argument x in the constructor call
• Flow analysis saw a potential violation point on the path, but it did not see a path from the violation origin statement to that line without going through a constructor
• This was not reported as a violation because the flow analysis did not find a line where x is initialized to null

Results – Flagging a True Positive
• Add the following method to TestFields:

    void callerTruePositive3() {
        TestFields tf = new TestFields(null);
        tf.truePositive3(true);
    }

• Flow analysis now flags this violation since it sees the violation origin and violation point, as well as a code path that leads from one to the other
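
The origin, path and violation-point reasoning from the two "Results" slides above, as an added example that is not part of the original presentation and is not Parasoft's algorithm: a toy path-sensitive null analysis in Python over a hand-built IR of truePositive3. The IR, the abstract values and the function names are assumptions made for illustration.

```python
# Toy path-sensitive null analysis (constructed illustration, not a real tool).
NULL, NONNULL, UNKNOWN = "null", "nonnull", "unknown"

# truePositive3 from the slide, hand-translated into a small IR.
# "x" is the instance field; the constructor always assigns it.
TRUE_POSITIVE3 = [
    ("assign", "y", NULL),                                # Object y = null;
    ("if_nonnull", "x", [("assign", "y", NONNULL)], []),  # if (x != null) y = new Object();
    ("if_nonnull", "y",
     [("deref", "x", "x.hashCode() + y.hashCode()"),      # then-branch
      ("deref", "y", "x.hashCode() + y.hashCode()")],
     [("deref", "x", "return x.hashCode()")]),            # else-branch: violation point
]


def run(block, env, findings):
    """Follow every feasible path; record dereferences of a definite null."""
    if not block:
        return
    stmt, rest = block[0], block[1:]
    if stmt[0] == "assign":
        run(rest, {**env, stmt[1]: stmt[2]}, findings)
    elif stmt[0] == "deref":
        if env[stmt[1]] == NULL:
            findings.add(stmt[2])  # the path ends here with an NPE
        else:
            run(rest, env, findings)
    else:  # if_nonnull
        _, var, then_block, else_block = stmt
        if env[var] != NULL:     # non-null or unknown: then-branch is feasible
            run(then_block + rest, {**env, var: NONNULL}, findings)
        if env[var] != NONNULL:  # null or unknown: else-branch is feasible
            run(else_block + rest, env, findings)


def analyze(constructor_args):
    """constructor_args: abstract value passed to TestFields(x) at each call
    site the analysis can see. An unknown value is never reported, because
    no statement on the path makes x null (no violation origin)."""
    findings = set()
    for arg in constructor_args:
        run(TRUE_POSITIVE3, {"x": arg}, findings)
    return sorted(findings)


if __name__ == "__main__":
    print(analyze([UNKNOWN]))  # class analysed alone
    print(analyze([NULL]))     # after adding callerTruePositive3()
```

Passing `[UNKNOWN]` models the class analysed on its own, and `[NULL]` models the code base after callerTruePositive3() supplies `new TestFields(null)`.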

Pattern-Based Analysis vs. Flow-Based Analysis
• Prevention vs. detection
• Accuracy
• Types of defects
• Ease of analysis

Final Thoughts
• Flow analysis is one part of a comprehensive quality and security strategy
• Pattern-based static analysis
• Metrics
• Peer code review
• Unit/component testing

Thank you!

For more information:

Nada daVeiga
Solution Architect
Parasoft
888-305-0041 x2433
http://www.parasoft.com