Advanced Software Testing Testing Code with Static Analysis

Similar documents
Advanced Software Testing Understanding Code Coverage

Advanced Software Testing Pairwise Testing Techniques

Advanced Software Testing Applying State Diagrams to Business Logic

Code Coverage Metrics And How to Use Them

Advanced Software Testing Integration Testing

Non-GUI Test Automation Concepts and Case Studies in Maintainable Testing

Code Coverage Metrics And How to Use (and Misuse) Them

Agile Testing in the Real World Moving Beyond Theory to Achieve Practicality [NEED PICTURE HERE]

Shift Left and Friends And What They Mean for Testers

Enterprise Challenges of Test Data Size, Change, Complexity, Disparity, and Privacy

Analysis for Testing. by: rex Black. quality matters Q3 2009

Five Hard-Won Lessons In Performance, Load, and Reliability Testing

CERT C++ COMPLIANCE ENFORCEMENT

Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 22 Slide 1

Part 5. Verification and Validation

Motivation was to facilitate development of systems software, especially OS development.

Static Analysis of C++ Projects with CodeSonar

Sample Exam ISTQB Advanced Test Analyst Answer Rationale. Prepared By

Ingegneria del Software Corso di Laurea in Informatica per il Management

Verification and Validation

Motivation was to facilitate development of systems software, especially OS development.

ΗΜΥ 317 Τεχνολογία Υπολογισμού

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Static & Dynamic Testing using Tools. Created by Kudakwashe K. Chambwe

About this exam review

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End

Flow Control. CSC215 Lecture

Intro to Proving Absence of Errors in C/C++ Code

Three General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Software Testing for Developer Development Testing. Duvan Luong, Ph.D. Operational Excellence Networks

Manuel Oriol, CHCRC-C, Software Testing ABB

Examining the Code. [Reading assignment: Chapter 6, pp ]

Assertions. Assertions - Example

xtreme Programming (summary of Kent Beck s XP book) Stefan Resmerita, WS2015

Can a Mobile Device Save Your Life? Testing, Quality, and Ubiquitous Computing

Iteration. Side effects

CSCI 171 Chapter Outlines

9/5/2018. Overview. The C Programming Language. Transitioning to C from Python. Why C? Hello, world! Programming in C

Atollic TrueINSPECTOR. Improve software quality with static source code inspection!

Software Testing. Software Testing

The C Programming Language. (with material from Dr. Bin Ren, William & Mary Computer Science)

CSE 374 Programming Concepts & Tools

ICT PHP Coding Standards

Chapter 11 Introduction to Programming in C

Elliotte Rusty Harold August From XML to Flat Buffers: Markup in the Twenty-teens

Verification and Test with Model-Based Design

Static Analysis in C/C++ code with Polyspace

Oracle Developer Studio Code Analyzer

Lecture 26: Testing. Software Engineering ITCS 3155 Fall Dr. Jamie Payton

CSE 374 Programming Concepts & Tools. Hal Perkins Fall 2015 Lecture 15 Testing

Chapter 15 Debugging

The role of semantic analysis in a compiler

INTRODUCTION TO SOFTWARE ENGINEERING

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Caliber 11.0 for Visual Studio Team Systems

Evaluating Bug Finders

Control Flow. COMS W1007 Introduction to Computer Science. Christopher Conway 3 June 2003

Darshan Institute of Engineering & Technology for Diploma Studies

CS16 Week 2 Part 2. Kyle Dewey. Thursday, July 5, 12

بسم اهلل الرمحن الرحيم

Frama-C s metrics plug-in

Race Catcher. Automatically Pinpoints Concurrency Defects in Multi-threaded JVM Applications with 0% False Positives.

7.3. In t r o d u c t i o n to m e t a d a t a

Chapter 11 Introduction to Programming in C

Verification and Validation

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

int n = 10; int sum = 10; while (n > 1) { sum = sum + n; n--; } cout << "The sum of the integers 1 to 10 is " << sum << endl;

Testing. Topics. Types of Testing. Types of Testing

by Pearson Education, Inc. All Rights Reserved.

Introduction to Computers and C++ Programming p. 1 Computer Systems p. 2 Hardware p. 2 Software p. 7 High-Level Languages p. 8 Compilers p.

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

Undefined Behaviour in C

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

Have examined process Creating program Have developed program Written in C Source code

Jtest Tutorial. Tutorial

Subject : Computer Science. Paper : Software Quality Management. Module : CASE Tools

Frama-C s metrics plug-in

[ANALYSIS ASSIGNMENT 10]

Testing. Christopher Simpkins Chris Simpkins (Georgia Tech) CS 2340 Objects and Design CS / 13

Verification Using Static Analysis

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Chapter 11 Introduction to Programming in C

All the subjective part of 2011 papers solved complete reference numbers

JAVA An overview for C++ programmers

Changes in JHawk 6 1 Changes in JHawk6 Virtual Machinery 2015

(See related materials in textbook.) CSE 435: Software Engineering (slides adapted from Ghezzi et al & Stirewalt

CS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 5

Static Analysis and Bugfinding

Software Testing. Lecturer: Sebastian Coope Ashton Building, Room G.18

9 th CA 2E/CA Plex Worldwide Developer Conference 1

LibRCPS Manual. Robert Lemmen

C Compilation Model. Comp-206 : Introduction to Software Systems Lecture 9. Alexandre Denault Computer Science McGill University Fall 2006

n Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test

CS 520 Theory and Practice of Software Engineering Fall 2018

The New C Standard (Excerpted material)

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Test Driven Development TDD

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

EE 382 Style Guide. March 2, 2018

Transcription:

Advanced Software Testing Testing Code with Static Analysis

Advanced Software Testing A series of webinars, this one excerpted from Advanced Software Testing: V3, a book for technical test analysts, programmers, and test engineers Black box techniques are useful for checking behavior White box techniques are useful for checking code coverage Static analysis allows us to scrutinize the code to look directly for defects Copyright (c) RBCS 2005-2011 Page 2

Static Analysis and Dynamic Testing Like dynamic testing, static analysis looks for defects in software source code and software models Unlike dynamic testing, static analysis is performed without actually executing the system Static analysis involves analysis of the system or its components by a tool, while dynamic testing does not always involve tools Static analysis can find defects that are hard to find or isolate in dynamic testing Examples include maintainability issues, unsafe pointer use Isolation is easier because you find the bug, not the symptom Copyright (c) RBCS 2005-2011 Page 3

What Can We Analyze? Program code (e.g. control flow and data flow) Models of the program (e.g., simulations) Generated output such as HTML and XML Requirements and design documents Copyright (c) RBCS 2005-2011 Page 4

Benefits of Static Analysis Early and cheaper detection of bugs (before test execution starts) Warnings about where bug clusters might exist, due to dangerous programming, high complexity, etc. Location of bugs dynamic testing might miss Detection of dependencies and inconsistencies in software models (e.g., such as link problems in Web pages) Improved maintainability of code and design Prevention of defects based on metrics gathered and lessons learned from analysis Copyright (c) RBCS 2005-2011 Page 5

Typical Static Analysis Bugs Referencing a variable with an undefined value Inconsistent interface between modules and components Variables that are never used Missing or wrong logic Excessive complexity Unreachable (dead) code Programming standards violations Security vulnerabilities Syntax violations of code and software models Copyright (c) RBCS 2005-2011 Page 6

Using Static Analysis Tools Typical users are Programmers, often during unit and integration testing Designers and system architects during design During initial introduction against an existing system, static analysis tools may produce a large number of warning messages Compilers do some static analysis, but many sophisticated tools are available Copyright (c) RBCS 2005-2011 Page 7

Static Analysis vs. Dynamic Analysis We can test code by executing it (dynamic testing) There are other ways to find defects : Reviews: people find the bugs Static analysis: specific methods and tools are applied to the code, looking for a number of different defects and anomalies without actually executing the code, using a tool Dynamic analysis: using tools to look for failures and anomalies in conjunction with executing the code Copyright (c) RBCS 2005-2011 Page 8

Example: Complexity Analysis Copyright (c) RBCS 2005-2011 Page 9

Example: Call Complexity Copyright (c) RBCS 2005-2011 Page 10

Example: Code Parsing Tools #include <stdio.h> int main () { char c; while (c!= 'x'); { c = getchar(); if (c = 'x') return 0; switch (c) { case '\n': case '\r': printf("newline\n"); default: printf("%c",c); } } return 0; } Output of Splint, an open source static analysis tool 1. Variable c used before definition 2. Suspected infinite loop. No value used in loop test (c) is 3. Assignment of int to char: c = getchar() 4. Test expression for if is assignment expression: c = 'x' 5. Test expression for if not Boolean, type char: c = 'x 6. Fall through case (no preceding break) Copyright (c) RBCS 2005-2011 Page 11

Example: Checkstyle Capabilities Check for Javadoc comments for classes, attributes and methods Enforce naming conventions of attributes and methods Check cyclomatic complexity against a specified limit Check for the presence of mandatory headers Check for magic numbers Check whitespaces between specific characters Enforce good practices of class construction Check for duplicated code sections Check for visibility problems -- Wikipedia Copyright (c) RBCS 2005-2011 Page 12

Conclusion In this webinar, we ve seen how to apply static analysis to the find defects in code without running the system In our previous webinars, we looked at various behavior-based test techniques Static analysis allows us to use tools to evaluate the quality of the code directly Static analysis of code can find many defects cheaply and early in the lifecycle Copyright (c) RBCS 2005-2011 Page 13

Contact RBCS For over a dozen years, RBCS has delivered services in consulting, outsourcing and training for software and hardware testing. Employing the industry s most experienced and recognized consultants, RBCS conducts product testing, builds and improves testing groups and hires testing staff for hundreds of clients worldwide. Ranging from Fortune 20 companies to start-ups, RBCS clients save time and money through improved product development, decreased tech support calls, improved corporate reputation and more. To learn more about RBCS, visit. Address: RBCS, Inc. 31520 Beck Road Bulverde, TX 78163-3911 USA Phone: +1 (830) 438-4830 E-mail: info@rbcs-us.com Web: Copyright (c) RBCS 2005-2011 Page 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback